ipfilter — IP filtering via black and whitelists

A module for filtering IPs via black and whitelists.

A global instance ipfilter can be imported directly from the module and is taken into account by default in the NeoNode class when connections are established.

Filtering rules

  • The whitelist has precedence over the blacklist settings.

  • Host masks can be applied.

  • When using host masks do not set host bits (leave them to 0) or an exception will occur.

Examples

The following are configuration examples for common scenario’s.

1. Accept only specific trusted IPs

{
    'blacklist': [
        '0.0.0.0/0'
    ],
    'whitelist': [
        '10.10.10.10',
        '15.15.15.15'
    ]
}

2. Accept only a range of trusted IPs

# accepts any IP in the range of 10.10.10.0 - 10.10.10.255
{
    'blacklist': [
        '0.0.0.0/0'
    ],
    'whitelist': [
        '10.10.10.0/24',
    ]
}

3. Accept all except specific IPs

# can be used for banning bad actors
{
    'blacklist': [
        '12.12.12.12',
        '13.13.13.13'
    ],
    'whitelist': [
    ]
}
class neo3.network.ipfilter.IPFilter

Bases: object

blacklist_add(address)

Add an address that will not pass restriction checks.

Parameters

address (str) – an IPv4 address as defined in the standard library.

Return type

None

blacklist_remove(address)

Remove an address from the blacklist.

Parameters

address (str) – an IPv4 address as defined in the standard library.

Return type

None

is_allowed(address)

Test if a given address passes the configured restrictions.

Parameters

address (str) – an IPv4 address as defined in the standard library.

Return type

bool

load_config(config)

Load filtering rules from a configuration object.

Parameters

config (Dict[str, List[str]]) – a _dictionary holding 2 keys, blacklist & whitelist, each having a list type value holding str type address es. See Examples. For address format refer to the standard library.

Raises

ValueError – if the required config keys are not found.

Return type

None

reset()

Clear the filter rules.

Return type

None

whitelist_add(address)

Add an address that will pass restriction checks.

Parameters

address (str) – an IPv4 address as defined in the standard library.

Return type

None

whitelist_remove(address)

Remove an address from the whitelist.

Parameters

address (str) – an IPv4 address as defined in the standard library.

Return type

None

default_config: dict = {'blacklist': [], 'whitelist': []}