private

package
v0.2.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2026 License: MPL-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package private registers the "private" egress policy: it blocks outbound op dials whose resolved IP falls in loopback, private, link-local (incl. cloud-metadata 169.254.169.254), CGNAT/Tailscale, IPv6 ULA/link-local, and other IETF special-use space — plus any operator-supplied deny CIDRs. An allow CIDR is an explicit escape hatch and wins over deny.

The check runs at the dial step on the already-resolved IP, so it is DNS-rebinding safe. All CIDR sets are parsed once at Open(); CheckAddr is pure in-memory.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL