Skip to content

Change the default value of --network-allow-private-ips to false for mainnet and fuji #1773

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 27, 2023
Merged

Change the default value of --network-allow-private-ips to false for mainnet and fuji #1773

merged 3 commits into from
Jul 27, 2023

Conversation

StephenButtolph
Copy link
Contributor

@StephenButtolph StephenButtolph commented Jul 27, 2023
edited
Loading

Why this should be merged

It's generally unexpected behavior that avalanchego may attempt to connect to private IPs when run with the default configurations.

How this works

Because it is fairly common for nodes to need to connect to private IPs with non-production networks, this doesn't change the default value of --network-allow-private-ips for non-production networks. However, for mainnet and fuji the default value will be false.

How this was tested

Running on mainnet - this PR blocks a large number of connection dial attempts:

[07-27|13:36:56.025] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-LBA1YYYBbxwYMMAA9odGhR69d9SCbyq8v", "peerIP": "10.6.4.10", "delay": "1.857536142s"}
[07-27|13:36:56.161] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-Hbf2ZY1Zs1s8KMp3rA1zK36N7zt5fSLkz", "peerIP": "10.8.11.6", "delay": "1.150304756s"}
[07-27|13:36:56.166] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-AdCK93Gj4MnPU5Qj1tzRH166uiVBGzg7w", "peerIP": "10.70.2.1", "delay": "1.17332004s"}
[07-27|13:36:56.198] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-6S8zAjmFJ4JdZwPURyFGp8Q8tqQ5NcEbX", "peerIP": "172.17.112.56", "delay": "1.760768527s"}
[07-27|13:36:56.215] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-DJbw4TrSRu9uovTKqo6w12axPLHWHsjJD", "peerIP": "10.6.4.11", "delay": "1.465906138s"}
[07-27|13:36:56.215] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-Aua1pVxQsWLvTTf8bNVw2ZCA2NfogNqiE", "peerIP": "10.0.0.246", "delay": "1.89626065s"}
[07-27|13:36:56.246] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-6w8NN8PeYXnpxojbo73BUUXq6tDmV6hzr", "peerIP": "10.3.65.12", "delay": "1.129021199s"}
[07-27|13:36:56.246] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-D7JFYevRv4N7LXa8ihCwdzVtc5szT9Q7j", "peerIP": "10.20.4.5", "delay": "1.462733755s"}
[07-27|13:36:56.304] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-FF2Szx54cN5iys83j9H5xaEqHiz3RipkG", "peerIP": "10.20.3.5", "delay": "1.807390667s"}
[07-27|13:36:56.362] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-HWwYYkiTKnXgYycNN5gXQfxhhA8TZdBvs", "peerIP": "10.6.0.13", "delay": "1.868898153s"}
[07-27|13:36:56.579] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-AU27Fz35YmQuM6d2pM9HsvLtgwGT5xwnd", "peerIP": "172.18.0.3", "delay": "1.105249361s"}
[07-27|13:36:56.582] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-L9HsJPQ9TF5aXjdx3KnQrh1eWaHJaNXNj", "peerIP": "10.121.0.6", "delay": "1.348036315s"}
[07-27|13:36:56.615] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-4kRVv9q9bLrAVCdpgVXJfEBEUXSGkobMU", "peerIP": "172.18.0.3", "delay": "1.895168099s"}
[07-27|13:36:56.874] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-LG2NYC4RxxzCG4zFGWoAwSo4U8mjMux1f", "peerIP": "10.20.1.4", "delay": "1.514356098s"}
[07-27|13:36:56.952] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-7843EeyboY1mZSmdzjqdJodxHycNn7Kv2", "peerIP": "10.0.132.31", "delay": "1.279405893s"}
[07-27|13:36:57.026] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-JDS6pq6tZxZxePaDc77TvrmNnY5HBUNX4", "peerIP": "192.168.1.70", "delay": "1.650950491s"}
[07-27|13:36:57.117] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-KeyQeQwf1D4bzdcHVP34xXXWhJzFjVTSj", "peerIP": "172.31.45.225", "delay": "1.524901703s"}
[07-27|13:36:57.143] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-DvwWC5ed3j5iG6e4Y5yxAUacPkXvrxLFT", "peerIP": "10.6.0.12", "delay": "1.9147983s"}
[07-27|13:36:57.183] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-2eBu8RjbvCFTZMcxu1oh2oKtfHT7V4zyM", "peerIP": "10.21.10.140", "delay": "1.991633748s"}
[07-27|13:36:57.281] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-EoNXC39QyT1eHFPXb5PgvDNigBN8tMeCC", "peerIP": "172.18.0.6", "delay": "1.487049639s"}
[07-27|13:36:57.313] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-Hbf2ZY1Zs1s8KMp3rA1zK36N7zt5fSLkz", "peerIP": "10.8.11.6", "delay": "1.163580698s"}
[07-27|13:36:57.339] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-AdCK93Gj4MnPU5Qj1tzRH166uiVBGzg7w", "peerIP": "10.70.2.1", "delay": "1.663089539s"}
[07-27|13:36:57.376] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-6w8NN8PeYXnpxojbo73BUUXq6tDmV6hzr", "peerIP": "10.3.65.12", "delay": "1.621173601s"}
[07-27|13:36:57.409] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-EbqMEDUpxHXexLzcBabL696xQp2QEWWa5", "peerIP": "192.168.1.247", "delay": "1.778510485s"}
[07-27|13:36:57.418] VERBO network/network.go:1135 skipping connection dial {"reason": "outbound connections to private IPs are prohibited", "nodeID": "NodeID-HkEQ2sJogxEps4tmqFRDuVG9hyfxe8vMg", "peerIP": "10.0.141.95", "delay": "1.304702368s"}

(the list goes on, but this was just the first few I cared to see)

@StephenButtolph StephenButtolph added the networking This involves networking label Jul 27, 2023
@StephenButtolph StephenButtolph added this to the v1.10.6 milestone Jul 27, 2023
@StephenButtolph StephenButtolph merged commit f88b08b into dev Jul 27, 2023
@StephenButtolph StephenButtolph deleted the private-ips branch July 27, 2023 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abi87 abi87 abi87 approved these changes

@joshua-kim joshua-kim joshua-kim approved these changes

@danlaine danlaine Awaiting requested review from danlaine

Assignees
No one assigned
Labels
networking This involves networking
Projects
No open projects
Ski Patrol
Archived in project
Milestone
v1.10.7
Development

Successfully merging this pull request may close these issues.
3 participants
@StephenButtolph @abi87 @joshua-kim