summary refs log tree commit diff
path: root/docs/sample_config.yaml
diff options
context:
space:
mode:
authorAndrew Morgan <1342360+anoadragon453@users.noreply.github.com>2019-05-13 11:05:06 -0700
committerRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-05-13 19:05:06 +0100
commit5a4b328f522e9d08248dc03613fb0529f7529dbb (patch)
treea9593782314649f749411b558d51e24d98fef5c7 /docs/sample_config.yaml
parent0.99.4rc1 (diff)
downloadsynapse-5a4b328f522e9d08248dc03613fb0529f7529dbb.tar.xz
Add ability to blacklist ip ranges for federation traffic (#5043)
Diffstat (limited to 'docs/sample_config.yaml')
-rw-r--r--docs/sample_config.yaml18
1 files changed, 18 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index bdfc34c6bd..c4e5c4cf39 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -115,6 +115,24 @@ pid_file: DATADIR/homeserver.pid
 #  - nyc.example.com
 #  - syd.example.com
 
+# Prevent federation requests from being sent to the following
+# blacklist IP address CIDR ranges. If this option is not specified, or
+# specified with an empty list, no ip range blacklist will be enforced.
+#
+# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+# listed here, since they correspond to unroutable addresses.)
+#
+federation_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'
+
 # List of ports that Synapse should listen on, their purpose and their
 # configuration.
 #