Make easier IP source range filtering

EnigmaCurry / d.rymcg.tech

A collection of self-hosted docker-compose projects with Traefik reverse proxy, integrated auth, and administrative Makefiles for easy maintainance

MIT License

47 stars 8 forks source link

Make easier IP source range filtering #258

Open EnigmaCurry opened 1 month ago

EnigmaCurry commented 1 month ago

Every app has an IP source range filter already. Create a new common make target to simplify configuring it:

$ make ip-allow
? Do you want to configure a Source IP range filter to limit access by network
> No
  Yes, use my current public IP address (queries https://ifconfig.me)
  Yes, use my current local IP address list
  Yes, I would like to enter the value/list manually

make ip-allow ALLOW=192.168.0.0/24,10.10.10.0/24

EnigmaCurry commented 1 month ago

Also see #227 - we should have a similar target for the excluded ips

$ make ip-deny
? Do you want to deny (carve out) certain networks from the ip-allow list?
> No, I want to allow all network ranges within the ip-allow list.
  Yes, I want to explicitly remove certain networks from the ip-allow list.

WHOAMI_IP_STRATEGY_EXCLUDED_IPS: Enter the list of excluded networks (CIDR, comma separated)