Commit f154fb75 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

host.resolve: check for network addresses

disallow networks as mirror targets
parent efbde2e1
Host address resolver for Alpine Wall
Copyright (C) 2012-2019 Kaarle Ritvanen
Copyright (C) 2012-2020 Kaarle Ritvanen
See LICENSE file for license details
......@@ -23,7 +23,7 @@ end
local dnscache = {}
function M.resolve(host, context)
function M.resolve(host, context, network)
local family = getfamily(host, context)
if family == 'domain' then
......@@ -54,13 +54,17 @@ function M.resolve(host, context)
return dnscache[host]
if not network and host:find('/') then
context:error('Network address not allowed: '
return {{family, host}}
function M.resolvelist(list, context)
function M.resolvelist(list, context, network)
local res = {}
for _, host in util.listpairs(list) do
util.extend(res, M.resolve(host, context))
util.extend(res, M.resolve(host, context, network))
return ipairs(res)
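Review bot: The `network` argument added to `M.resolve` and `M.resolvelist` is undocumented, although every caller's validation now depends on it: when it is omitted, an address containing `/` is rejected through `context:error`. I would add a comment above `M.resolve` such as `-- network: pass true to accept network (CIDR) addresses; when omitted, an address containing '/' is reported via context:error`. The explicit DNAT check removed from `TranslatingRule:init` in this same commit means that path now relies solely on this default, so the comment should note that callers validating single-host targets must not pass `true`. The new check also sits after the domain branch's `return dnscache[host]`, so it presumably relies on `getfamily` never classifying a string containing `/` as a domain; `getfamily` and the rest of both function bodies are outside the visible hunks, so this is worth confirming.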
......@@ -125,7 +125,7 @@ function M.Zone:optfrags(dir)
local aopts = nil
if self.addr then
aopts = {}
for _, addr in resolvelist(self.addr, self) do
for _, addr in resolvelist(self.addr, self, true) do
{family=addr[1], [aprop]=addr[2], match='-'..aopt..' '..addr[2]}
......@@ -108,10 +108,6 @@ function TranslatingRule:init(...)
if type(self.dnat) == 'string' then self.dnat = {addr=self.dnat} end
if self.dnat.addr:find('/') then
self:error('DNAT target cannot be a network address')
local dnataddr
for _, addr in ipairs(resolve(self.dnat.addr, self)) do
if addr[1] == 'inet' then