File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -1713,6 +1713,11 @@ changes:
17131713 ** Default:** ` false ` .
17141714 * ` pauseOnConnect ` {boolean} Indicates whether the socket should be
17151715 paused on incoming connections. ** Default:** ` false ` .
1716+ * ` blockList ` {net.BlockList} ` blockList ` can be used for disabling inbound
1717+ access to specific IP addresses, IP ranges, or IP subnets. This does not
1718+ work if the server is behind a reverse proxy, NAT, etc. because the address
1719+ checked against the block list is the address of the proxy, or the one
1720+ specified by the NAT.
17161721
17171722* ` connectionListener ` {Function} Automatically set as a listener for the
17181723 [ ` 'connection' ` ] [ ] event.
Original file line number Diff line number Diff line change @@ -1791,6 +1791,13 @@ function Server(options, connectionListener) {
17911791 this . keepAlive = Boolean ( options . keepAlive ) ;
17921792 this . keepAliveInitialDelay = ~ ~ ( options . keepAliveInitialDelay / 1000 ) ;
17931793 this . highWaterMark = options . highWaterMark ?? getDefaultHighWaterMark ( ) ;
1794+ if ( options . blockList ) {
1795+ // TODO: use BlockList.isBlockList (https://github.com/nodejs/node/pull/56078)
1796+ if ( ! ( options . blockList instanceof module . exports . BlockList ) ) {
1797+ throw new ERR_INVALID_ARG_TYPE ( 'options.blockList' , 'net.BlockList' , options . blockList ) ;
1798+ }
1799+ this . blockList = options . blockList ;
1800+ }
17941801}
17951802ObjectSetPrototypeOf ( Server . prototype , EventEmitter . prototype ) ;
17961803ObjectSetPrototypeOf ( Server , EventEmitter ) ;
@@ -2239,7 +2246,15 @@ function onconnection(err, clientHandle) {
22392246 clientHandle . close ( ) ;
22402247 return ;
22412248 }
2242-
2249+ if ( self . blockList && typeof clientHandle . getpeername === 'function' ) {
2250+ const remoteInfo = { __proto__ : null } ;
2251+ clientHandle . getpeername ( remoteInfo ) ;
2252+ const addressType = isIP ( remoteInfo . address ) ;
2253+ if ( addressType && self . blockList . check ( remoteInfo . address , `ipv${ addressType } ) ) {
2254+ clientHandle . close ( ) ;
2255+ return ;
2256+ }
2257+ }
22432258 const socket = new Socket ( {
22442259 handle : clientHandle ,
22452260 allowHalfOpen : self . allowHalfOpen ,
Original file line number Diff line number Diff line change 1+ 'use strict' ;
2+ const common = require ( '../common' ) ;
3+ const net = require ( 'net' ) ;
4+
5+ const blockList = new net . BlockList ( ) ;
6+ blockList . addAddress ( common . localhostIPv4 ) ;
7+
8+ const server = net . createServer ( { blockList } , common . mustNotCall ( ) ) ;
9+ server . listen ( 0 , common . localhostIPv4 , common . mustCall ( ( ) => {
10+ const adddress = server . address ( ) ;
11+ const socket = net . connect ( {
12+ localAddress : common . localhostIPv4 ,
13+ host : adddress . address ,
14+ port : adddress . port
15+ } ) ;
16+ socket . on ( 'close' , common . mustCall ( ( ) => {
17+ server . close ( ) ;
18+ } ) ) ;
19+ } ) ) ;
You can’t perform that action at this time.
0 commit comments