firewall: do not allow internal docker IPs

2025-05-06 16:32:11 +02:00
parent a7c6e36ec3
commit dc49dd0a94
1 changed files with 4 additions and 0 deletions
@@ -85,6 +85,10 @@ async function setBlocklist(blocklist, auditSource) {
        } else {
            if (ipaddr.includes(rangeOrIP, auditSource.ip)) throw new BoxError(BoxError.BAD_FIELD, `range ${rangeOrIP} includes client IP. Cannot block yourself`);
        }
+
+        // this won't work in cases where it's a bigger subnet
+        if (rangeOrIP.startsWith('172.18.') || rangeOrIP.toLowerCase().startsWith('fd00:c107:d509:')) throw new BoxError(BoxError.BAD_FIELD, `${rangeOrIP} includes internal docker network. This cannot be blocked`);
+
        ++count;
    }