From c777928ed32626fdf385909cbea183e3bbf830d9 Mon Sep 17 00:00:00 2001
From: Tomas Cejka <cejkat@cesnet.cz>
Date: Mon, 30 Jul 2018 13:09:04 +0200
Subject: [PATCH] settings. add PERMIT_PRIVATE_IP_TARGETS to allow/forbid
 private IPs

---
 flowspec/validators.py   | 5 ++++-
 flowspy/settings.py.dist | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/flowspec/validators.py b/flowspec/validators.py
index 7da2427d..a02a4db4 100644
--- a/flowspec/validators.py
+++ b/flowspec/validators.py
@@ -18,7 +18,10 @@ def get_network(ip):
 
 
 def clean_ip(address):
-    if False and address.is_private:
+    if not hasattr(settings, "PERMIT_PRIVATE_IP_TARGETS"):
+        settings.PERMIT_PRIVATE_IP_TARGETS = True
+
+    if settings.PERMIT_PRIVATE_IP_TARGETS == False and address.is_private:
             return _('Private addresses not allowed')
 
     if address.version == 4 and int(address.prefixlen) == 32:
diff --git a/flowspy/settings.py.dist b/flowspy/settings.py.dist
index fdc74863..b82dbf1d 100644
--- a/flowspy/settings.py.dist
+++ b/flowspy/settings.py.dist
@@ -393,6 +393,9 @@ SNMP_MAX_SAMPLECOUNT = 12
 # Age of inactive routes that can be already removed (in seconds)
 SNMP_REMOVE_RULES_AFTER = 3600
 
+# If PERMIT_PRIVATE_IP_TARGETS is False, then users are not allowed to enter IP addresses from private IP ranges; it is True by default
+PERMIT_PRIVATE_IP_TARGETS = True
+
 ##############################################################################
 ##############################################################################
 
-- 
GitLab