events {}

stream {
    # TCP proxy configuration
    server {
        listen ${BACKEND_TCP_PORT};
        allow ${ALLOWED_IPS}; # Apply IP restrictions based on the ALLOWED_IPS variable
        deny all;
        proxy_pass ${BACKEND_HOST}:${BACKEND_TCP_PORT};
    }

    # UDP proxy configuration
    server {
        listen ${BACKEND_UDP_PORT} udp;
        allow ${ALLOWED_IPS}; # Apply IP restrictions
        deny all;
        proxy_pass ${BACKEND_HOST}:${BACKEND_UDP_PORT};
    }
}