2 gadi atpakaļ · 042e50b83e
--- a/common/net.go
+++ b/common/net.go
@@ -17,14 +17,16 @@ var (
 
				 )
			
 
				 
			
 
				 func init() {
			
 
				-	if flags.ExternalNetworksWhitelist != nil {
			
 
				-		for _, prefix := range *flags.ExternalNetworksWhitelist {
			
 
				-			p, err := netaddr.ParseIPPrefix(prefix)
			
 
				-			if err != nil {
			
 
				-				klog.Fatalf("invalid network %s: %s", prefix, err)
			
 
				-			}
			
 
				-			ConnectionFilter.WhitelistPrefix(p)
			
 
				+	klog.Infoln("whitelisted public IPs:", *flags.ExternalNetworksWhitelist)
			
 
				+	for _, prefix := range *flags.ExternalNetworksWhitelist {
			
 
				+		if prefix == "" {
			
 
				+			continue
			
 
				 		}
			
 
				+		p, err := netaddr.ParseIPPrefix(prefix)
			
 
				+		if err != nil {
			
 
				+			klog.Fatalf("invalid network %s: %s", prefix, err)
			
 
				+		}
			
 
				+		ConnectionFilter.WhitelistPrefix(p)
			
 
				 	}
			
 
				 	if r := flags.EphemeralPortRange; r != nil && *r != "" {
			
 
				 		klog.Infoln("ephemeral-port-range:", *r)
			
--- a/flags/flags.go
+++ b/flags/flags.go
@@ -14,8 +14,12 @@ var (
 
				 	DisablePinger     = kingpin.Flag("disable-pinger", "Don't ping upstreams").Default("false").Envar("DISABLE_PINGER").Bool()
			
 
				 	DisableL7Tracing  = kingpin.Flag("disable-l7-tracing", "Disable L7 tracing").Default("false").Envar("DISABLE_L7_TRACING").Bool()
			
 
				 
			
 
				-	ExternalNetworksWhitelist = kingpin.Flag("track-public-network", "Allow track connections to the specified IP networks, all private networks are allowed by default (e.g., Y.Y.Y.Y/mask)").Envar("TRACK_PUBLIC_NETWORK").Strings()
			
 
				-	EphemeralPortRange        = kingpin.Flag("ephemeral-port-range", "Destination and Listen TCP ports from this range will be skipped").Default("32768-60999").Envar("EPHEMERAL_PORT_RANGE").String()
			
 
				+	ExternalNetworksWhitelist = kingpin.
			
 
				+					Flag("track-public-network", "Allow track connections to the specified IP networks, all private networks are allowed by default (e.g., Y.Y.Y.Y/mask)").
			
 
				+					Envar("TRACK_PUBLIC_NETWORK").
			
 
				+					Default("0.0.0.0/0").
			
 
				+					Strings()
			
 
				+	EphemeralPortRange = kingpin.Flag("ephemeral-port-range", "Destination and Listen TCP ports from this range will be skipped").Default("32768-60999").Envar("EPHEMERAL_PORT_RANGE").String()
			
 
				 
			
 
				 	Provider          = kingpin.Flag("provider", "`provider` label for `node_cloud_info` metric").Envar("PROVIDER").String()
			
 
				 	Region            = kingpin.Flag("region", "`region` label for `node_cloud_info` metric").Envar("REGION").String()