mirror of
https://github.com/qdm12/gluetun.git
synced 2025-12-11 04:38:54 -06:00
88 lines
2.5 KiB
Go
88 lines
2.5 KiB
Go
package configuration
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/qdm12/golibs/params"
|
|
"inet.af/netaddr"
|
|
)
|
|
|
|
func (settings *DNS) readBlacklistBuilding(r reader) (err error) {
|
|
settings.BlacklistBuild.BlockMalicious, err = r.env.OnOff("BLOCK_MALICIOUS", params.Default("on"))
|
|
if err != nil {
|
|
return fmt.Errorf("environment variable BLOCK_MALICIOUS: %w", err)
|
|
}
|
|
|
|
settings.BlacklistBuild.BlockSurveillance, err = r.env.OnOff("BLOCK_SURVEILLANCE", params.Default("on"),
|
|
params.RetroKeys([]string{"BLOCK_NSA"}, r.onRetroActive))
|
|
if err != nil {
|
|
return fmt.Errorf("environment variable BLOCK_SURVEILLANCE (or BLOCK_NSA): %w", err)
|
|
}
|
|
|
|
settings.BlacklistBuild.BlockAds, err = r.env.OnOff("BLOCK_ADS", params.Default("off"))
|
|
if err != nil {
|
|
return fmt.Errorf("environment variable BLOCK_ADS: %w", err)
|
|
}
|
|
|
|
if err := settings.readPrivateAddresses(r.env); err != nil {
|
|
return err
|
|
}
|
|
|
|
return settings.readBlacklistUnblockedHostnames(r)
|
|
}
|
|
|
|
var (
|
|
ErrInvalidPrivateAddress = errors.New("private address is not a valid IP or CIDR range")
|
|
)
|
|
|
|
func (settings *DNS) readPrivateAddresses(env params.Interface) (err error) {
|
|
privateAddresses, err := env.CSV("DOT_PRIVATE_ADDRESS")
|
|
if err != nil {
|
|
return fmt.Errorf("environment variable DOT_PRIVATE_ADDRESS: %w", err)
|
|
} else if len(privateAddresses) == 0 {
|
|
return nil
|
|
}
|
|
|
|
ips := make([]netaddr.IP, 0, len(privateAddresses))
|
|
ipPrefixes := make([]netaddr.IPPrefix, 0, len(privateAddresses))
|
|
|
|
for _, address := range privateAddresses {
|
|
ip, err := netaddr.ParseIP(address)
|
|
if err == nil {
|
|
ips = append(ips, ip)
|
|
continue
|
|
}
|
|
|
|
ipPrefix, err := netaddr.ParseIPPrefix(address)
|
|
if err == nil {
|
|
ipPrefixes = append(ipPrefixes, ipPrefix)
|
|
continue
|
|
}
|
|
|
|
return fmt.Errorf("%w: %s", ErrInvalidPrivateAddress, address)
|
|
}
|
|
|
|
settings.BlacklistBuild.AddBlockedIPs = append(settings.BlacklistBuild.AddBlockedIPs, ips...)
|
|
settings.BlacklistBuild.AddBlockedIPPrefixes = append(settings.BlacklistBuild.AddBlockedIPPrefixes, ipPrefixes...)
|
|
|
|
return nil
|
|
}
|
|
|
|
func (settings *DNS) readBlacklistUnblockedHostnames(r reader) (err error) {
|
|
hostnames, err := r.env.CSV("UNBLOCK")
|
|
if err != nil {
|
|
return fmt.Errorf("environment variable UNBLOCK: %w", err)
|
|
} else if len(hostnames) == 0 {
|
|
return nil
|
|
}
|
|
for _, hostname := range hostnames {
|
|
if !r.regex.MatchHostname(hostname) {
|
|
return fmt.Errorf("%w: %s", ErrInvalidHostname, hostname)
|
|
}
|
|
}
|
|
|
|
settings.BlacklistBuild.AllowedHosts = append(settings.BlacklistBuild.AllowedHosts, hostnames...)
|
|
return nil
|
|
}
|