always blacklist 0.0.0.0, ::

author: Andrew Morgan <andrew@amorgan.xyz> 2019-05-10 09:50:40 -0700
committer: Andrew Morgan <andrew@amorgan.xyz> 2019-05-10 09:50:40 -0700
commit: 4ba420f298631c2df186d23d7d38f979144360ac (patch)
tree: b28da83e83b3e5437ae17f27ce48c042189be832
parent: lint (diff)
download: synapse-4ba420f298631c2df186d23d7d38f979144360ac.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 918b69a816..292c3e7431 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -130,11 +130,15 @@ class ServerConfig(Config):
             "federation_ip_range_blacklist", [],
         )
 
+
         # Attempt to create an IPSet from the given ranges
         try:
             self.federation_ip_range_blacklist = IPSet(
                 self.federation_ip_range_blacklist
             )
+
+            # Always blacklist 0.0.0.0, ::
+            self.federation_ip_range_blacklist.update(["0.0.0.0", "::"])
         except Exception as e:
             raise ConfigError(
                 "Invalid range(s) provided in "
@@ -374,6 +378,9 @@ class ServerConfig(Config):
         # blacklist IP address CIDR ranges. If this option is not specified, or
         # specified with an empty list, no ip range blacklist will be enforced.
         #
+        # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+        # listed here, since they correspond to unroutable addresses.)
+        #
         federation_ip_range_blacklist:
           - '127.0.0.0/8'
           - '10.0.0.0/8'
author	Andrew Morgan <andrew@amorgan.xyz>	2019-05-10 09:50:40 -0700
committer	Andrew Morgan <andrew@amorgan.xyz>	2019-05-10 09:50:40 -0700
commit	4ba420f298631c2df186d23d7d38f979144360ac (patch)
tree	b28da83e83b3e5437ae17f27ce48c042189be832
parent	lint (diff)
download	synapse-4ba420f298631c2df186d23d7d38f979144360ac.tar.xz