[GH-ISSUE #2464] Block LAN Access #1955

New issue

Closed

opened 2026-05-05 13:15:28 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 13:15:28 -06:00

Owner

Originally created by @tzahico on GitHub (Jun 30, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2464

Hello,

Is there a way to block FRPC from accessing Local Network (Private / Internal IP addresses)?

We can achieve that using Windows Firewall
netsh advfirewall firewall add rule name="FRP" dir=out action=block program="frpc.exe" enable=yes localip=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 remoteip=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

But is there a way to do it from the INI file? Currently we use the following conf:

[common]
server_addr = x.x.x.x
server_port = port

[http_x.x.x.x_677567]
type = tcp
remote_port = port
plugin = http_proxy
plugin_http_user = user
plugin_http_passwd = password
group = http_proxy
group_key = key

Thanks!

Originally created by @tzahico on GitHub (Jun 30, 2021). Original GitHub issue: https://github.com/fatedier/frp/issues/2464 Hello, Is there a way to block FRPC from accessing Local Network (Private / Internal IP addresses)? We can achieve that using Windows Firewall `netsh advfirewall firewall add rule name="FRP" dir=out action=block program="frpc.exe" enable=yes localip=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 remoteip=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` But is there a way to do it from the INI file? Currently we use the following conf: ``` [common] server_addr = x.x.x.x server_port = port [http_x.x.x.x_677567] type = tcp remote_port = port plugin = http_proxy plugin_http_user = user plugin_http_passwd = password group = http_proxy group_key = key ``` Thanks!

gitea-mirror

2026-05-05 13:15:28 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 13:15:31 -06:00

Author

Owner

@fatedier commented on GitHub (Jul 8, 2021):

I don't think it's a good idea to trust that third-party applications won't connect to your specified IP range.

For security issue, system firewall or other underlying network tools are more reliable.

@fatedier commented on GitHub (Jul 8, 2021): I don't think it's a good idea to trust that third-party applications won't connect to your specified IP range. For security issue, system firewall or other underlying network tools are more reliable.

gitea-mirror commented

2026-05-05 13:15:32 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Aug 8, 2021):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Aug 8, 2021): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.