On 08/04/19 04:28, David Ranch wrote:
I hope the RFC1918 check is already made. If not it could be added. As I wrote before, there have been reasonable checks in place but people here have asked them to be removed because they wanted to do what the checks prevented. (like setting up a gateway with external address in net-44)
Maybe if the portal can flags specific issues, it could can then display additional options like say:
- RFC1918 address space (10.x.x.x/8, 172.16.x.x/12, 192.168.x.x/16) is not an allowed gateway address as it's non-routable over the Internet
- Specifying a 44.x.x.x address for a gateway is illegal except for very limited situations (this 44.x.x.x gateways address is BGP hosted and you still want access to the IP-IP tunneled system)
- IPv6 address space is not supported today
- etc
then under all that, offer a "bypass checks" option to let them do things anyway?
That might be the best of both worlds - potential issues are flagged, extra information given, then the user given the option to change their information or continue anyway. If they know what they're doing, this is simply an extra mouse click on the portal. If they don't, then hopefully it will prompt them to come here and ask questions, if they're stuck.