- package netutil
- import (
- "fmt"
- "net"
- )
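// localCIDRs holds the parsed networks that IsBlockedLocalHostname treats as
// local or otherwise non-public. It is filled once by init and only read
// afterwards.
var localCIDRs []*net.IPNet

// init parses the static table of blocked networks into localCIDRs. A
// malformed entry panics at program start, so a typo in the table cannot
// silently weaken the filter.
func init() {
	rawCIDRs := []string{
		// IPv4 special-purpose ranges: loopback, "this network", shared
		// address space (carrier-grade NAT), link-local (which includes
		// the 169.254.169.254 address commonly used by cloud metadata
		// services), private use, IETF protocol assignments,
		// documentation, 6to4 relay anycast, benchmarking and limited
		// broadcast.
		"127.0.0.0/8",
		"0.0.0.0/8",
		"100.64.0.0/10",
		"169.254.0.0/16",
		"172.16.0.0/12",
		"192.0.0.0/24",
		"192.0.2.0/24",
		"192.88.99.0/24",
		"192.168.0.0/16",
		"198.18.0.0/15",
		"198.51.100.0/24",
		"203.0.113.0/24",
		"255.255.255.255/32",

		"10.0.0.0/8",

		// IPv6: unspecified, loopback, unique local and link-local.
		// "::/128" mirrors the IPv4 "0.0.0.0/8" entry above: without it
		// a name resolving to the IPv6 unspecified address matched no
		// entry, because an IPv4 network never contains a 16-byte
		// address that is not IPv4-mapped.
		"::/128",
		"::1/128",
		"FC00::/7",
		"FE80::/10",

		// NOTE(review): multicast (224.0.0.0/4, ff00::/8) and the rest of
		// 240.0.0.0/4 are not listed; confirm whether callers need them
		// blocked as well.
	}

	for _, raw := range rawCIDRs {
		_, cidr, err := net.ParseCIDR(raw)
		if err != nil {
			panic(fmt.Sprintf("parse CIDR %q: %v", raw, err))
		}
		localCIDRs = append(localCIDRs, cidr)
	}
}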
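// IsBlockedLocalHostname reports whether hostname must be refused because it
// resolves to an address inside one of the networks in localCIDRs.
//
// A hostname that equals an allowlist entry exactly (case-sensitive, no
// normalisation) is never blocked and is not resolved at all. A "*" entry
// anywhere in allowlist disables the check for every hostname.
//
// The function fails closed: a resolution error, or a resolution that yields
// no addresses, is reported as blocked. If any one of the resolved addresses
// is local, the hostname is blocked.
//
// This check resolves the name on its own, separately from whatever later
// connects to it. A name whose DNS answer differs between this call and the
// connection is therefore not covered by this function alone; callers that
// need that guarantee should also validate the address actually dialled (for
// example in net.Dialer.Control) or connect to one of the addresses vetted
// here.
func IsBlockedLocalHostname(hostname string, allowlist []string) bool {
	for _, allow := range allowlist {
		if hostname == allow || allow == "*" {
			return false
		}
	}

	ips, err := net.LookupIP(hostname)
	// An empty answer leaves nothing to vet, so treat it like a failed
	// lookup instead of falling through to "not blocked".
	if err != nil || len(ips) == 0 {
		return true
	}

	for _, ip := range ips {
		for _, cidr := range localCIDRs {
			if cidr.Contains(ip) {
				return true
			}
		}
	}
	return false
}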