Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Fix the sample config location for the ip_range_whitelist setting. (#…
Browse files Browse the repository at this point in the history
…8954)

Move it from the federation section to the server section to match
ip_range_blacklist.
  • Loading branch information
clokep authored Dec 16, 2020
1 parent bd30cfe commit 44b7d4c
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 24 deletions.
1 change: 1 addition & 0 deletions changelog.d/8954.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Apply an IP range blacklist to push and key revocation requests.
24 changes: 12 additions & 12 deletions docs/sample_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,18 @@ pid_file: DATADIR/homeserver.pid
# - 'fe80::/10'
# - 'fc00::/7'

# List of IP address CIDR ranges that should be allowed for federation,
# identity servers, push servers, and for checking key validity for
# third-party invite events. This is useful for specifying exceptions to
# wide-ranging blacklisted target IP ranges - e.g. for communication with
# a push server only visible in your network.
#
# This whitelist overrides ip_range_blacklist and defaults to an empty
# list.
#
#ip_range_whitelist:
# - '192.168.1.1'

# List of ports that Synapse should listen on, their purpose and their
# configuration.
#
Expand Down Expand Up @@ -671,18 +683,6 @@ acme:
# - nyc.example.com
# - syd.example.com

# List of IP address CIDR ranges that should be allowed for federation,
# identity servers, push servers, and for checking key validity for
# third-party invite events. This is useful for specifying exceptions to
# wide-ranging blacklisted target IP ranges - e.g. for communication with
# a push server only visible in your network.
#
# This whitelist overrides ip_range_blacklist and defaults to an empty
# list.
#
#ip_range_whitelist:
# - '192.168.1.1'

# Report prometheus metrics on the age of PDUs being sent to and received from
# the following domains. This can be used to give an idea of "delay" on inbound
# and outbound federation, though be aware that any delay can be due to problems
Expand Down
12 changes: 0 additions & 12 deletions synapse/config/federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -56,18 +56,6 @@ def generate_config_section(self, config_dir_path, server_name, **kwargs):
# - nyc.example.com
# - syd.example.com
# List of IP address CIDR ranges that should be allowed for federation,
# identity servers, push servers, and for checking key validity for
# third-party invite events. This is useful for specifying exceptions to
# wide-ranging blacklisted target IP ranges - e.g. for communication with
# a push server only visible in your network.
#
# This whitelist overrides ip_range_blacklist and defaults to an empty
# list.
#
#ip_range_whitelist:
# - '192.168.1.1'
# Report prometheus metrics on the age of PDUs being sent to and received from
# the following domains. This can be used to give an idea of "delay" on inbound
# and outbound federation, though be aware that any delay can be due to problems
Expand Down
12 changes: 12 additions & 0 deletions synapse/config/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -832,6 +832,18 @@ def generate_config_section(
#ip_range_blacklist:
%(ip_range_blacklist)s
# List of IP address CIDR ranges that should be allowed for federation,
# identity servers, push servers, and for checking key validity for
# third-party invite events. This is useful for specifying exceptions to
# wide-ranging blacklisted target IP ranges - e.g. for communication with
# a push server only visible in your network.
#
# This whitelist overrides ip_range_blacklist and defaults to an empty
# list.
#
#ip_range_whitelist:
# - '192.168.1.1'
# List of ports that Synapse should listen on, their purpose and their
# configuration.
#
Expand Down

0 comments on commit 44b7d4c

Please sign in to comment.