[FEATURE] A way to allow all local IPs in network blocking context
Stranger6667 opened this issue · 2 comments
Is your feature request related to a problem? Please describe.
When running in docker-compose you need to resolve local services first (e.g. DB) and then pass them to --allowed-hosts.
Describe the solution you'd like
Add --allow-local-ips flag to CLI + related arg to the block mark to allow requests to local IPs.
Use something like ipaddress.is_local to check all IPs in such a case.
Additional context
The feature & approach was proposed by @selevit
Is there an alternative that doesn't rely on resolving hostnames to concrete IPs (or at least doesn't require manual resolution)? I have a handful of backing services that are communicated with via HTTP, but their IPs are not necessarily local (e.g. gitlab services). I would expect doing something like --allowed-hosts=backing_service1,backing_service2 to work, but I can't get past Network Blocked. However, I can resolve their IPs at run time in my test bench and pass them to block_network.
@rpocase, there is a different ticket for hostname resolving - #40.
BTW, the Python ipaddress.is_private function will most likely consider your gitlab services as local IP addresses, as they should relate to the same docker network. @Stranger6667, I think we can replace ipaddress.is_local with ipaddress.is_private in the ticket description.
https://docs.python.org/3.9/library/ipaddress.html#ipaddress.IPv4Address.is_private
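A sketch of the check discussed in this thread, added here as an example and not the project's own code: it classifies a connection target with `ipaddress` and `is_private`, and does no hostname resolution (that is the separate ticket #40). The function names `is_local_ip` and `is_connection_allowed` are hypothetical; `allow_local_ips` mirrors the proposed flag, and the sample addresses are constructed.

```python
import ipaddress


def is_local_ip(host: str) -> bool:
    """Return True only if `host` is an IP literal in a private/local range."""
    try:
        # Drop an IPv6 zone id ("fe80::1%eth0") before parsing.
        addr = ipaddress.ip_address(host.split("%", 1)[0])
    except ValueError:
        # Not an IP literal (e.g. the compose service name "db"):
        # nothing is resolved here, so it is never treated as local.
        return False
    # Classify IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    # Some Python releases list the whole ::ffff:0:0/96 block as private, which
    # would let a public IPv4 address through in its mapped form.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_private


def is_connection_allowed(host, allowed_hosts=(), allow_local_ips=False):
    """Decide whether a blocked-network guard should let `host` through."""
    if host in allowed_hosts:
        return True
    return bool(allow_local_ips) and is_local_ip(host)


# Constructed sample targets: loopback, a typical compose bridge address,
# link-local, public addresses, a mapped public address, and a bare hostname.
SAMPLES = ["127.0.0.1", "172.18.0.2", "169.254.1.1", "fe80::1%eth0", "::1",
           "8.8.8.8", "::ffff:8.8.8.8", "::ffff:10.0.0.1", "db"]


def classify(samples=SAMPLES):
    """Map each sample target to the decision made with allow_local_ips=True."""
    return {h: is_connection_allowed(h, allow_local_ips=True) for h in samples}


if __name__ == "__main__":
    for host, allowed in classify().items():
        print(f"{host:20} {'allowed' if allowed else 'blocked'}")
```

A hostname such as `db` stays blocked unless it is listed explicitly in `allowed_hosts`, which matches the behaviour described in the second comment.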