firewall: max 65536 elements

Girish Ramakrishnan
2023-12-07 21:52:51 +01:00
parent 21f830eb8c
commit 93d3b24300
+3
@@ -76,6 +76,7 @@ async function setBlocklist(blocklist, auditSource) {
const parsedIp = ipaddr.process(auditSource.ip);
let count = 0;
for (const line of blocklist.split('\n')) {
if (!line || line.startsWith('#')) continue;
const rangeOrIP = line.trim();
@@ -88,8 +89,10 @@ async function setBlocklist(blocklist, auditSource) {
const parsedRange = ipaddr.parseCIDR(rangeOrIP); // returns [addr, range]
if (parsedRange[0].kind() === parsedIp.kind() && parsedIp.match(parsedRange)) throw new BoxError(BoxError.BAD_FIELD, `${rangeOrIP} includes client IP. Cannot block yourself`);
}
++count;
}
if (count >= 65536) throw new BoxError(BoxError.CONFLICT, 'Blocklist is too large. Max 65536 entries are allowed'); // https://ipset.netfilter.org/ipset.man.html (maxelem)
if (constants.DEMO) throw new BoxError(BoxError.CONFLICT, 'Not allowed in demo mode');
// store in blob since the value field is TEXT and has 16kb size limit
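Review bot: The new limit check `if (count >= 65536)` rejects a blocklist of exactly 65536 entries, although its own error message and the commit title both say 65536 are allowed. If the ipset set is created with the default `maxelem` of 65536 described in the linked man page, the comparison should be `if (count > 65536)`. The check also runs only after the loop has finished, so an oversized upload is fully parsed before it is refused; testing the limit next to `++count` inside the loop would bound the work done on untrusted input. A named constant shared by the comparison and the message would keep the two from drifting apart. setBlocklist begins and ends outside the hunks shown, so how the set is actually created is not visible here.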