mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-19 17:56:19 +03:00
Code Issues Projects Releases Packages Wiki Activity

always blacklist 0.0.0.0, ::

Browse source
This commit is contained in:
Andrew Morgan 2019-05-10 09:50:40 -07:00
parent ede582f91a
commit 4ba420f298
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
synapse/config/server.py
View file

@ -130,11 +130,15 @@ class ServerConfig(Config):
"federation_ip_range_blacklist", [], "federation_ip_range_blacklist", [],
) )
# Attempt to create an IPSet from the given ranges # Attempt to create an IPSet from the given ranges
try: try:
self.federation_ip_range_blacklist = IPSet( self.federation_ip_range_blacklist = IPSet(
self.federation_ip_range_blacklist self.federation_ip_range_blacklist
) )
# Always blacklist 0.0.0.0, ::
self.federation_ip_range_blacklist.update(["0.0.0.0", "::"])
except Exception as e: except Exception as e:
raise ConfigError( raise ConfigError(
"Invalid range(s) provided in " "Invalid range(s) provided in "
@ -374,6 +378,9 @@ class ServerConfig(Config):
# blacklist IP address CIDR ranges. If this option is not specified, or # blacklist IP address CIDR ranges. If this option is not specified, or
# specified with an empty list, no ip range blacklist will be enforced. # specified with an empty list, no ip range blacklist will be enforced.
# #
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
# listed here, since they correspond to unroutable addresses.)
#
federation_ip_range_blacklist: federation_ip_range_blacklist:
- '127.0.0.0/8' - '127.0.0.0/8'
- '10.0.0.0/8' - '10.0.0.0/8'