@w1ndy
Created December 19, 2016 08:00
Simple SOCKS5 proxy based on systemctl, iptables and ssh with access control
# Put under /etc/ as socks5.acl (the path the unit file reads)
# SOCKS5 proxy access control
# One IPv4 address per line
127.0.0.1
# Put under /etc/systemd/system/ as socks5@.service (template unit; the instance name %i is the listening port)
# ACL file is required
# Usage:
# $ sudo systemctl daemon-reload
# $ sudo systemctl start socks5@9000
[Unit]
Description=socks5 proxy
After=network.target
[Service]
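# Remove a stale chain left behind by an unclean stop (errors are ignored)
ExecStartPre=/bin/sh -c "(/sbin/iptables -n -L SOCKS5_%i >/dev/null 2>&1 && /sbin/iptables -F SOCKS5_%i && /sbin/iptables -D INPUT -p tcp --dport %i -j SOCKS5_%i && /sbin/iptables -X SOCKS5_%i) || true"
# Create the per-port chain and send inbound traffic for the port through it
ExecStartPre=/bin/sh -c "/sbin/iptables -N SOCKS5_%i && /sbin/iptables -A INPUT -p tcp --dport %i -j SOCKS5_%i"
# Accept each source address listed in the ACL file (lines starting with # are skipped)
ExecStartPre=/bin/sh -c "sed '/^#/ d' /etc/socks5.acl | xargs -I {} /sbin/iptables -A SOCKS5_%i --src {} -p tcp --dport %i -j ACCEPT"
# Reject every other source
ExecStartPre=/sbin/iptables -A SOCKS5_%i -p tcp --dport %i -j REJECT
# SOCKS proxy: ssh dynamic forwarding, listening on all IPv4 interfaces, tunnelled to localhost
ExecStart=/usr/bin/ssh -N -D 0.0.0.0:%i localhost
# Remove the chain again when the service stops
ExecStopPost=/bin/sh -c "/sbin/iptables -F SOCKS5_%i && /sbin/iptables -D INPUT -p tcp --dport %i -j SOCKS5_%i && /sbin/iptables -X SOCKS5_%i"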
[Install]
WantedBy=multi-user.target
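
The unit passes every non-comment line of /etc/socks5.acl straight to `iptables --src`, so a mistyped entry is only noticed when the service starts. The following is an added example, not part of the original gist: a POSIX shell lint that accepts only plain dotted-quad IPv4 lines and prints, without running anything, the rules the unit would install for a given port. The function names `is_ipv4`, `acl_sources` and `render_rules` are hypothetical, and rejecting leading zeros and anything other than a bare address is this example's assumption about what the ACL should hold.

```shell
# Added example: lint an ACL file in the gist's format, then dry-run the rules.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros, which some parsers read as octal.
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# acl_sources FILE: print valid entries; report anything else on stderr.
# Like the unit's sed filter, only lines that start with '#' are comments.
acl_sources() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in '#'*|'') continue ;; esac
        if is_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'line %d: not a plain IPv4 address: %s\n' "$n" "$line" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# render_rules PORT FILE: print the rules in the order the unit applies them;
# prints nothing and fails if any ACL line is invalid.
render_rules() {
    srcs=$(acl_sources "$2") || return 1
    chain="SOCKS5_$1"
    echo "iptables -N $chain"
    echo "iptables -A INPUT -p tcp --dport $1 -j $chain"
    for s in $srcs; do
        echo "iptables -A $chain --src $s -p tcp --dport $1 -j ACCEPT"
    done
    echo "iptables -A $chain -p tcp --dport $1 -j REJECT"
}

if [ "$#" -eq 2 ]; then render_rules "$1" "$2"; fi
```

Run as `sh lint.sh 9000 /etc/socks5.acl` (script name assumed) before `systemctl start socks5@9000`; an ACL with no valid entries renders only the final REJECT rule.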