Skip to content

Block procedures from requesting private ip ranges #4243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joshua-spacetime wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Block procedures from requesting private ip ranges #4243

joshua-spacetime wants to merge 7 commits into from
+726 −2

Conversation

@joshua-spacetime
Copy link
Collaborator

@joshua-spacetime joshua-spacetime commented Feb 10, 2026
edited
Loading

Description of Changes

Blocks procedures from requesting private ip ranges after dns resolution.

API and ABI breaking changes

None

Expected complexity level and risk

  1. I may have missed a range.

Testing

  • Unit tests for IP address matching
  • Smoketest for blocking a private IP address

bfops
bfops approved these changes Feb 10, 2026
View reviewed changes
Copy link
Collaborator

@bfops bfops left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tools/ci changes LGTM! (I didn't review anything else)

Kasama
Kasama requested changes Feb 10, 2026
View reviewed changes
Kasama
Kasama approved these changes Feb 10, 2026
View reviewed changes
Kasama
Kasama requested changes Feb 10, 2026
View reviewed changes
Copy link
Contributor

@Kasama Kasama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops. Accidentally approved instead of requesting changes.

Again, we probably don't want to test this many IPs in the final test, but I've commented with them for now so we can be pretty sure those ranges are covered

@joshua-spacetime joshua-spacetime force-pushed the joshua/block-internal-ips branch from e5a1772 to 7acdc5a Compare February 10, 2026 16:57
Kasama
Kasama approved these changes Feb 10, 2026
View reviewed changes
Copy link
Contributor

@Kasama Kasama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All ranges look to be covered!

@Kasama
Copy link
Contributor

Kasama commented Feb 10, 2026

just one nit. As these ip checks are a big blob of numbers and checks kinda unrelated to the rest of the file. Would it make sense to move those checks onto a separate module instead?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bfops bfops bfops approved these changes

@Kasama Kasama Kasama approved these changes

@coolreader18 coolreader18 Awaiting requested review from coolreader18

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joshua-spacetime @Kasama @bfops