Use an empty list as default

docs/sample_config.yaml

@@ -102,7 +102,8 @@ pid_file: DATADIR/homeserver.pid
 #  - syd.example.com
 
 # Prevent federation requests from being sent to the following
-# blacklist IP address CIDR ranges.
+# blacklist IP address CIDR ranges. If this option is not specified, or
+# specified with an empty list, no ip range blacklist will be enforced.
 #
 #federation_ip_range_blacklist:
 #  - '127.0.0.0/8'

synapse/config/server.py

@@ -17,6 +17,8 @@
 import logging
 import os.path
 
+from netaddr import IPSet
+
 from synapse.http.endpoint import parse_and_validate_server_name
 from synapse.python_dependencies import DependencyException, check_requirements
 
@@ -123,28 +125,19 @@ class ServerConfig(Config):
                 self.federation_domain_whitelist[domain] = True
 
         self.federation_ip_range_blacklist = config.get(
-            "federation_ip_range_blacklist", None,
+            "federation_ip_range_blacklist", [],
         )
-        if self.federation_ip_range_blacklist is not None:
-            # Import IPSet
-            try:
-                from netaddr import IPSet
-            except ImportError:
-                raise ConfigError(
-                    "Missing netaddr library. This is required to use "
-                    "federation_ip_range_blacklist"
-                )
 
-            # Attempt to create an IPSet from the given ranges
-            try:
-                self.federation_ip_range_blacklist = IPSet(
-                    self.federation_ip_range_blacklist
-                )
-            except Exception as e:
-                raise ConfigError(
-                    "Invalid range(s) provided in "
-                    "federation_ip_range_blacklist: %s" % e
-                )
+        # Attempt to create an IPSet from the given ranges
+        try:
+            self.federation_ip_range_blacklist = IPSet(
+                self.federation_ip_range_blacklist
+            )
+        except Exception as e:
+            raise ConfigError(
+                "Invalid range(s) provided in "
+                "federation_ip_range_blacklist: %s" % e
+            )
 
         if self.public_baseurl is not None:
             if self.public_baseurl[-1] != '/':
@@ -376,7 +369,8 @@ class ServerConfig(Config):
         #  - syd.example.com
 
         # Prevent federation requests from being sent to the following
-        # blacklist IP address CIDR ranges.
+        # blacklist IP address CIDR ranges. If this option is not specified, or
+        # specified with an empty list, no ip range blacklist will be enforced.
         #
         #federation_ip_range_blacklist:
         #  - '127.0.0.0/8'

synapse/http/matrixfederationclient.py

@@ -176,42 +176,35 @@ class MatrixFederationHttpClient(object):
         self.signing_key = hs.config.signing_key[0]
         self.server_name = hs.hostname
 
-        if hs.config.federation_ip_range_blacklist is not None:
-            real_reactor = hs.get_reactor()
-            # If we have an IP blacklist, we need to use a DNS resolver which
-            # filters out blacklisted IP addresses, to prevent DNS rebinding.
-            nameResolver = IPBlacklistingResolver(
-                real_reactor, None, hs.config.federation_ip_range_blacklist,
-                federation=True,
-            )
+        real_reactor = hs.get_reactor()
 
-            @implementer(IReactorPluggableNameResolver)
-            class Reactor(object):
-                def __getattr__(_self, attr):
-                    if attr == "nameResolver":
-                        return nameResolver
-                    else:
-                        return getattr(real_reactor, attr)
+        # We need to use a DNS resolver which filters out blacklisted IP
+        # addresses, to prevent DNS rebinding.
+        nameResolver = IPBlacklistingResolver(
+            real_reactor, None, hs.config.federation_ip_range_blacklist,
+            federation=True,
+        )
 
-            self.reactor = Reactor()
+        @implementer(IReactorPluggableNameResolver)
+        class Reactor(object):
+            def __getattr__(_self, attr):
+                if attr == "nameResolver":
+                    return nameResolver
+                else:
+                    return getattr(real_reactor, attr)
 
-            self.agent = MatrixFederationAgent(
-                self.reactor,
-                tls_client_options_factory,
-            )
+        self.reactor = Reactor()
 
-            # Prevent direct connections to blacklisted IP addresses
-            self.agent = BlacklistingAgentWrapper(
-                self.agent, self.reactor,
-                ip_blacklist=hs.config.federation_ip_range_blacklist,
-            )
-        else:
-            self.reactor = hs.get_reactor()
+        self.agent = MatrixFederationAgent(
+            self.reactor,
+            tls_client_options_factory,
+        )
 
-            self.agent = MatrixFederationAgent(
-                self.reactor,
-                tls_client_options_factory,
-            )
+        # Prevent direct connections to blacklisted IP addresses
+        self.agent = BlacklistingAgentWrapper(
+            self.agent, self.reactor,
+            ip_blacklist=hs.config.federation_ip_range_blacklist,
+        )
 
         self.clock = hs.get_clock()
         self._store = hs.get_datastore()

tests/http/test_fedclient.py

@@ -78,7 +78,7 @@ class FederationClientTests(HomeserverTestCase):
         # Nothing happened yet
         self.assertNoResult(test_d)
 
-        # Make sure the req is trying to connect
+        # Make sure treq is trying to connect
         clients = self.reactor.tcpClients
         self.assertEqual(len(clients), 1)
         (host, port, factory, _timeout, _bindAddress) = clients[0]