Enable federation blacklisting by default

2019-05-08 02:24:21 -07:00
parent ec67848235
commit 43ffe47b77
2 changed files with 20 additions and 20 deletions
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -105,16 +105,16 @@ pid_file: DATADIR/homeserver.pid
 # blacklist IP address CIDR ranges. If this option is not specified, or
 # specified with an empty list, no ip range blacklist will be enforced.
 #
-#federation_ip_range_blacklist:
-#  - '127.0.0.0/8'
-#  - '10.0.0.0/8'
-#  - '172.16.0.0/12'
-#  - '192.168.0.0/16'
-#  - '100.64.0.0/10'
-#  - '169.254.0.0/16'
-#  - '::1/128'
-#  - 'fe80::/64'
-#  - 'fc00::/7'
+federation_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'

 # List of ports that Synapse should listen on, their purpose and their
 # configuration.
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -374,16 +374,16 @@ class ServerConfig(Config):
        # blacklist IP address CIDR ranges. If this option is not specified, or
        # specified with an empty list, no ip range blacklist will be enforced.
        #
-        #federation_ip_range_blacklist:
-        #  - '127.0.0.0/8'
-        #  - '10.0.0.0/8'
-        #  - '172.16.0.0/12'
-        #  - '192.168.0.0/16'
-        #  - '100.64.0.0/10'
-        #  - '169.254.0.0/16'
-        #  - '::1/128'
-        #  - 'fe80::/64'
-        #  - 'fc00::/7'
+        federation_ip_range_blacklist:
+          - '127.0.0.0/8'
+          - '10.0.0.0/8'
+          - '172.16.0.0/12'
+          - '192.168.0.0/16'
+          - '100.64.0.0/10'
+          - '169.254.0.0/16'
+          - '::1/128'
+          - 'fe80::/64'
+          - 'fc00::/7'

        # List of ports that Synapse should listen on, their purpose and their
        # configuration.