[GH-ISSUE #781] Feature Request: Implicit deny for ruleset #1628

Closed
opened 2026-04-16 08:21:13 -05:00 by GiteaMirror · 1 comment

Originally created by @kmanwar89 on GitHub (May 25, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/781

Hi,

Love Pangolin, and I'm working on securing my setup. I'd like to only allow logins from my LAN (RFC 1918 IPs), Tailscale's subnet (100.X), etc., while blocking logins for all others (with the capacity to selectively allowlist).

Is it possible to add a feature, similar to a firewall or ACL rule, that does "implicit block" or "implicit allow", without needing to specify each allow/deny?

Use case here is the standard self-hoster who would want to allow their private IPs and block basically everything else. Thanks!


@kmanwar89 commented on GitHub (May 25, 2025):

I apologize; I should have read the documentation in more detail before making this request. I can see that Pangolin respects the `0.0.0.0/0` notation for ANY IPv4 deny, which I've tested to work successfully. I think that works well for my use case, but I do think others might benefit from an implicit allow and/or deny for those of us who are familiar with using ACLs or firewall rules and tend to think in that same pattern - thanks again for this amazing project!
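
An added example, not part of the issue and not Pangolin's own code: a first-match rule evaluator that contrasts an explicit `0.0.0.0/0` catch-all deny with an implicit default, and shows that an IPv4 catch-all leaves IPv6 clients to the default. The priority ordering, the rule tuples, the function names and `100.64.0.0/10` as the range Tailscale assigns from are assumptions made for illustration.

```python
import ipaddress

# Constructed ruleset: (priority, action, CIDR). Lower priority is checked first.
# The ordering model is an assumption, not taken from Pangolin.
RULES = [
    (1, "allow", "10.0.0.0/8"),       # RFC 1918
    (2, "allow", "172.16.0.0/12"),    # RFC 1918
    (3, "allow", "192.168.0.0/16"),   # RFC 1918
    (4, "allow", "100.64.0.0/10"),    # CGNAT range Tailscale assigns from
    (100, "deny", "0.0.0.0/0"),       # explicit catch-all, IPv4 only
]


def evaluate(client_ip, rules, default):
    """First matching rule wins; `default` applies when nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for _prio, action, cidr in sorted(rules):
        # An IPv4 network never contains an IPv6 address (and vice versa),
        # so a 0.0.0.0/0 rule is skipped for IPv6 clients.
        if addr in ipaddress.ip_network(cidr):
            return action
    return default


def uncovered_families(rules):
    """Address families with no /0 rule, i.e. those decided by the default."""
    catch_alls = set()
    for _prio, _action, cidr in rules:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen == 0:
            catch_alls.add(net.version)
    return sorted({4, 6} - catch_alls)


if __name__ == "__main__":
    # Constructed client addresses (documentation ranges for the public ones).
    for ip in ["192.168.1.20", "100.101.102.103", "203.0.113.7", "2001:db8::1"]:
        print(ip,
              "default-allow:", evaluate(ip, RULES, "allow"),
              "default-deny:", evaluate(ip, RULES, "deny"))
    print("families without a catch-all:", uncovered_families(RULES))
```

With a default of allow, the IPv6 client is admitted even though the IPv4 catch-all is in place; a `::/0` deny or an implicit default deny closes that gap.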


Reference: github-starred/pangolin#1628