--netrestrict feature to enable IP filtering for Besu nodes used in key infrastructure #6620
Comments
Here is an example of how we configure geth: netrestrict: "10.80.0.0/16"
I've had a quick look at this.
Thanks for the analysis. If we can have a feature following geth's specs, I indeed believe it's the best.
For p2p we are using Netty. We can use a String to create an instance of the IpSubnetFilterRule class in Netty, which can be used in a ChannelInitializer, which can be used as a childHandler in the ServerBootstrap.
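The approach described in the comment above, sketched as an added example that is not part of the original thread and is not Besu's code. It assumes Netty 4.1 on the classpath and a comma-separated list of CIDR blocks like the geth value quoted earlier; the class `NetRestrictFilter` and its methods `parse` and `restrict` are hypothetical names.

```java
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ipfilter.IpFilterRule;
import io.netty.handler.ipfilter.IpFilterRuleType;
import io.netty.handler.ipfilter.IpSubnetFilterRule;
import io.netty.handler.ipfilter.RuleBasedIpFilter;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not Besu code): turns a netrestrict string into a Netty allowlist.
public final class NetRestrictFilter {

  /** Parses e.g. "10.80.0.0/16,192.168.1.0/24" into ACCEPT rules plus a final deny-all. */
  static IpFilterRule[] parse(final String netRestrict) {
    final List<IpFilterRule> rules = new ArrayList<>();
    for (final String entry : netRestrict.split(",")) {
      final String[] parts = entry.trim().split("/");
      if (parts.length != 2) {
        throw new IllegalArgumentException("Expected CIDR notation, got: " + entry);
      }
      // A malformed prefix or an unresolvable address fails here with IllegalArgumentException.
      rules.add(new IpSubnetFilterRule(parts[0], Integer.parseInt(parts[1]), IpFilterRuleType.ACCEPT));
    }
    // RuleBasedIpFilter accepts a peer when no rule matches, so the list must end
    // with explicit catch-all REJECT rules, one per address family.
    rules.add(new IpSubnetFilterRule("0.0.0.0", 0, IpFilterRuleType.REJECT));
    rules.add(new IpSubnetFilterRule("::", 0, IpFilterRuleType.REJECT));
    return rules.toArray(new IpFilterRule[0]);
  }

  /** Installs the filter as the first handler of every accepted inbound channel. */
  static ServerBootstrap restrict(final ServerBootstrap bootstrap, final String netRestrict) {
    final IpFilterRule[] rules = parse(netRestrict);
    return bootstrap.childHandler(
        new ChannelInitializer<SocketChannel>() {
          @Override
          protected void initChannel(final SocketChannel ch) {
            // Rules are evaluated in order; a rejected channel is closed before later handlers run.
            ch.pipeline().addFirst("netrestrict", new RuleBasedIpFilter(rules));
            // The application's own protocol handlers would be added after this point.
          }
        });
  }
}
```

A `childHandler` filter only covers inbound TCP connections accepted by the `ServerBootstrap`; outbound dials and UDP discovery traffic need the same subnet check applied separately.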
Is this blocked due to our internal resourcing needs or another reason?
@non-fungible-nelson It's blocked due to internal resourcing needs at the moment.
Description
As an infrastructure provider, I want to be able to restrict my node to certain IP networks so that I can prevent and filter unwanted peering. I also want parity with Geth nodes with this option to better take advantage of existing configs and tooling.
Besu should enable restriction to peer-to-peer connectivity on an IP subnet. Doing so will further isolate the network and prevent cross-connecting with other blockchain networks in case the nodes are reachable from the Internet.
Acceptance Criteria
--netrestrict option exposed taking a string representing IP value
Reference code
Geth Codebase