Configuration is broken down into three sections: General Configuration, Client Rules, and SOCKS Rules. General Configuration sets up global properties of the SOCKS server (interfaces, etc).
Client and SOCKS Rules are the core of the SOCKS access control system. These rules operate on different layers of the connection. Client rules operate at the TCP/IP layer and SOCKS rules operate at the application layer.
Before a client can even establish a connection with the SOCKS server they need a Client rule allowing them. Once the user has a TCP/IP session established the SOCKS rules are consulted.
Rules come in two configurations: pass and deny. As you'd expect, pass rules permit the connection to continue while deny rules do not.
Next comes the issue of Authentication. If Authentication is enabled then the client must send a valid (local) username/password along with their initial SOCKS request. In order for the user to be authenticated, they must have a valid account on the EnGarde Server.