From aac2c49b9b8a241f7a13726cfa74bf3a67c9079f Mon Sep 17 00:00:00 2001
From: Michael Kutzner <65556178+mikure@users.noreply.github.com>
Date: Tue, 15 Jun 2021 09:53:55 +0200
Subject: Fix 'ip_range_whitelist' not working for federation servers (#10115)

Add 'federation_ip_range_whitelist'. This allows backwards-compatibility, If 'federation_ip_range_blacklist' is set. Otherwise 'ip_range_whitelist' will be used for federation servers.

Signed-off-by: Michael Kutzner 1mikure@gmail.com
---
 synapse/http/matrixfederationclient.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'synapse/http')

diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
index 629373fc47..b8849c0150 100644
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -318,7 +318,9 @@ class MatrixFederationHttpClient:
         # We need to use a DNS resolver which filters out blacklisted IP
         # addresses, to prevent DNS rebinding.
         self.reactor = BlacklistingReactorWrapper(
-            hs.get_reactor(), None, hs.config.federation_ip_range_blacklist
+            hs.get_reactor(),
+            hs.config.federation_ip_range_whitelist,
+            hs.config.federation_ip_range_blacklist,
         )  # type: ISynapseReactor
 
         user_agent = hs.version_string
-- 
cgit 1.4.1