Support reserved port ranges

Johannes Zellner
2020-03-30 10:01:52 +02:00
parent f52000958c
commit f78571e46d
2 changed files with 13 additions and 1 deletions


@@ -149,7 +149,7 @@ function validatePortBindings(portBindings, manifest) {
// keep the public ports in sync with firewall rules in setup/start/cloudron-firewall.sh
// these ports are reserved even if we listen only on 127.0.0.1 because we setup HostIp to be 127.0.0.1
// for custom tcp ports
var RESERVED_PORTS = [
const RESERVED_PORTS = [
22, /* ssh */
25, /* smtp */
53, /* dns */
@@ -176,6 +176,10 @@ function validatePortBindings(portBindings, manifest) {
8417, /* graphite (lo) */
];
const RESERVED_PORT_RANGES = [
[50000, 51000] /* turn udp ports */
];
if (!portBindings) return null;
for (let portName in portBindings) {
@@ -184,6 +188,7 @@ function validatePortBindings(portBindings, manifest) {
const hostPort = portBindings[portName];
if (!Number.isInteger(hostPort)) return new BoxError(BoxError.BAD_FIELD, `${hostPort} is not an integer`, { field: 'portBindings', portName: portName });
if (RESERVED_PORTS.indexOf(hostPort) !== -1) return new BoxError(BoxError.BAD_FIELD, `Port ${hostPort} is reserved.`, { field: 'portBindings', portName: portName });
if (RESERVED_PORT_RANGES.find(range => (hostPort >= range[0] && hostPort <= range[1]))) return new BoxError(BoxError.BAD_FIELD, `Port ${hostPort} is reserved.`, { field: 'portBindings', portName: portName });
if (hostPort <= 1023 || hostPort > 65535) return new BoxError(BoxError.BAD_FIELD, `${hostPort} is not in permitted range`, { field: 'portBindings', portName: portName });
}
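Review bot: The new `RESERVED_PORT_RANGES` entry hard-codes 50000-51000 with only a trailing `/* turn udp ports */`, and unlike `RESERVED_PORTS` it has no note tying those bounds to the firewall rules or to the TURN server's own relay range. If either side drifts, an app could be allowed to bind a host port the relay expects to own. A comment above the array, such as `// inclusive [min, max]; keep in sync with the turn relay port range and the firewall rules`, would document both the coupling and the inclusive comparison used in the check. In that check, `RESERVED_PORT_RANGES.some(range => ...)` states the boolean intent more directly than `find(...)`, which returns the matching array. validatePortBindings starts and continues outside the visible hunks, so whether the range is enforced for every binding or only for UDP ones cannot be confirmed from here.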