Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: support cidr blocks egress control with --allow-net #9816

Open
alexanderGalushka opened this issue Mar 17, 2021 · 5 comments
Open

feature: support cidr blocks egress control with --allow-net #9816

alexanderGalushka opened this issue Mar 17, 2021 · 5 comments
Labels
permissions related to --allow-* flags suggestion suggestions for new features (yet to be agreed)

Comments

@alexanderGalushka
Copy link

currently --allow-net supports only IPs and domains, unfortunately it doesn't support cidr blocks yet

e.g.

deno run --allow-net=xyz.com,abc.com,10.0.0.11/24
@kitsonk kitsonk added permissions related to --allow-* flags suggestion suggestions for new features (yet to be agreed) labels Mar 17, 2021
@lucacasonato
Copy link
Member

lucacasonato commented Mar 18, 2021
edited
Loading

CIDR blocks would require us to resolve hostnames to IP addresses before matching against the net allow list. Possible, but not easy to implement.

@dsseng dsseng mentioned this issue Jul 24, 2021
Closed
@bnoordhuis bnoordhuis added the good first issue Good for newcomers label Dec 15, 2021
@bnoordhuis
Copy link
Contributor

#11509 unfortunately stalled but that means this feature is up for grabs again.

@nebarf
Copy link

nebarf commented Feb 25, 2022

@bnoordhuis I can grab the issue if it sounds good to you. Will take me some time to familiarize with the codebase

@nebarf nebarf mentioned this issue Feb 26, 2022
Closed
@ghost
Copy link

ghost commented Oct 13, 2022
edited by ghost
Loading

@lucacasonato @alexanderGalushka

This is something I was reading into and potentially looking at making PR for, just making a note before I get off and anyone else wants to pick. There seems to be a resolveDNS API in Deno already which can be used to perform the domain resolution, interface useable to the rest of Deno, not sure, however once I track down the internals those can be used either way.

@ghost
Copy link

ghost commented Oct 13, 2022
edited by ghost
Loading

Rust OP DNS Resolve Internals line 656
Rust Internals for attaching allow command arguments

@bartlomieju bartlomieju removed the good first issue Good for newcomers label Apr 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
permissions related to --allow-* flags suggestion suggestions for new features (yet to be agreed)
Projects
None yet
Milestone
No milestone
6 participants
@bnoordhuis @kitsonk @nebarf @lucacasonato @alexanderGalushka @bartlomieju