MeshCentral
MeshCentral copied to clipboard
Ylianst
IP filter in config.json
Hi Everyone ,
I have installed meshcentral and soo far it works great. I just have few question regards to ip filtering in user and agent allowed ip.
when my config.json looks like this , it works fine , "agentAllowedIP": "23.23.23.23",
however when my config.json looks like this , it doesn't work. "agentAllowedIP": "file:agentallowedips.txt",
Note : agentallowedips.txt file is under meshcentral-data .
EDIT : it works when i have only one ip address entry in agentallowedips.txt file , but when i add another ip on the next line it wont work.
it works on: agentallowedips.txt 23.24.24.52
but it wont work when the text file contains like this 24.24.24.52 24.24.24.53 23.45.66.7
i believe you cant use a text file?
only a single ip address or an array with multiple ip addresses/ranges in
"userAllowedIP": ["1.1.1.1","2.2.2.2/24","3.3.3.3"]
"userAllowedIP": "1.1.1.1"
"userAllowedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, only users from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
"userBlockedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, users from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
"agentAllowedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, only agents from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
"agentBlockedIP": { "type": [ "string", "array" ], "default": null, "description": "When set, agents from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" },
https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json#L156-L159
@jsinoy ooo i stand corrected you can!
config.settings.userallowedip = obj.args.userallowedip = readIpListFromFile(obj.args.userallowedip);
trying to figure out why it isnt working?
function readIpListFromFile(arg) {
if ((typeof arg != 'string') || (!arg.startsWith('file:'))) return arg;
var lines = null;
try { lines = obj.fs.readFileSync(obj.path.join(obj.datapath, arg.substring(5))).toString().split('\r\n').join('\r').split('\r'); } catch (ex) { }
if (lines == null) return null;
const validLines = [];
for (var i in lines) { if ((lines[i].length > 0) && (((lines[i].charAt(0) > '0') && (lines[i].charAt(0) < '9')) || (lines[i].charAt(0) == ':'))) validLines.push(lines[i]); }
return validLines;
}
~~EDIT1: can you try setting your file to say file:myips.txt?~~
EDIT2: im having a brain fart today again, i really need to start reading ignore EDIT1
I'm not sure why it isn't working , my server version is 1.0.60 . but when i manually input the ip addresses in config.json like this. "agentAllowedIp": "22.22.22.22,33.33.33.33",
it is working,, however it won't work when i try to put it in a text file because we have many ip addresses we need to whitelist. Not sure if i may have missed something. I have followed the instructions here in this thread https://github.com/Ylianst/MeshCentral/issues/3401
what version of nodejs are you running?
EDIT: ive tried debugging it here and i physically cant get it to have your problem? only thing i can suggest is you might be using an old version of nodejs, please can you try updating to the latest LTS version 16.16.0
I'm not a coder, but wouldn't each IP address in the text file need a comma after it? Except for the final IP address in the list?
I'm not a coder, but wouldn't each IP address in the text file need a comma after it? Except for the final IP address in the list?
I've also tried putting a comma after each IP address and unfortunately it doesn't work as well , I'm following the instructions here on this thread https://github.com/Ylianst/MeshCentral/issues/3401
(I am traveling with limited Internet access)
MeshCentral uses IPCheck to perform IP address matching. You can do it like this:
"agentAllowedIp": [ "22.22.22.22", "33.33.33.33", "192.168.0.1/32", "::ffff:192.168.0.1/128"]
Put as many as you want. Placing a comma like this should also work:
"agentAllowedIp": "22.22.22.22,33.33.33.33,192.168.0.1/32,::ffff:192.168.0.1/128"
If it does not, let me know. Also, it's a good idea to go in the event log or "My Server" tracing and look at the actual incoming IP address of your traffic before placing such a block. You may realize your traffic it not coming from the IP address you think it should be.
When using "file:abc.txt", it should be one per line like this:
22.22.22.22
33.33.33.33
192.168.0.1/32
::ffff:192.168.0.1/128
If that does not work, it's a bug and I will fix it when I get back.
Hi Ylianst,
Yes i am using this one in config "agentAllowedIp": "file:agent_ips.txt"
and the file located in meshcentral-data and the content is like like this; 22.22.22.22 33.33.33.33
When i add a single ip add, it will work . But if i will add multiple line of ip address it wont work,
I can't make this problem happen. Can you mail be an exact multi-line file that does not work? My contact info is here. I want to take a look at it with a binary viewer and see if there is anything that needs to be parsed differently. So far, everything I tried works for me.
Hi everyone,
Sorry for the late response , Here is my current config . i want to put a list of ip's in a text file . It works when i add a single line of ip line 1.1.1.1 (example) . however whe i have mutiple lines it wont work anymore
1.1.1.1
2.2.2.2
I have the same issue than @jsinoy : if I use file, it does not work. I check rights of the files and the owner is meshcentral:meshcentral for all the files of meshcentral-data.
seems odd.. i just check my server right now and IP filter using a text file is now working . I swear I haven't touch or change anything the last time i check on this as I leave it as it is , And it's just working now :D ..I just test it now and it works My server version is 1.0.81
