feat(settings): prevent public firewall outbound subnets

2024-01-29 18:26:23 +00:00
parent d8b9b2a85b
commit 6b9c775055
3 changed files with 84 additions and 1 deletions
--- a/internal/configuration/settings/firewall.go
+++ b/internal/configuration/settings/firewall.go
@@ -26,6 +26,12 @@ func (f Firewall) validate() (err error) {
 		return fmt.Errorf("input ports: %w", ErrFirewallZeroPort)
 	}

+	for _, subnet := range f.OutboundSubnets {
+		if !subnet.Addr().IsPrivate() {
+			return fmt.Errorf("%w: %s", ErrFirewallPublicOutboundSubnet, subnet)
+		}
+	}
+
 	return nil
 }