Go-ipfs: `ipfs swarm filters` seems blacklist-only

Created on 16 Nov 2015 · 8 Comments · Source: ipfs/go-ipfs

there should really be a whitelist (maybe followed by a blacklist, or some sort of rule priority system), because it's virtually impossible to do any local area swarms using the current implementation.


@nonchip yeah, the original design called for filters to be applied in the typical ordering kind of way.

ALLOW <filter>
DENY <filter>
ALLOW <filter>
ALLOW <filter>
DENY <filter>

@whyrusleeping people do want this. let's move to this?

@jbenet like iptables does it? sounds good. and relatively easy to implement. just add the allow/deny bool in the list of filters, and return that bool as soon as a filter matches. I'm pretty bad in golang, but pseudocode would be:

struct filter={IpNet mask, bool policy}
list filters=[struct filter]
foreach filters as filter
  if filter.mask matches address
    return filter.policy
return true // fallback for no (or no matching) filters

so e.g. a pure whitelist would be:

ALLOW ip
ALLOW ip
...
DENY ::
DENY 0.0.0.0

(denying everything at the end and causing the return true fallback to be never reached)
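
The first-match evaluation sketched in the comment above, as an added Go example (not code from go-ipfs or libp2p). The names `Rule`, `Filters`, `Allowed` and `LANOnly` are hypothetical, the rule set is constructed, and the catch-all rules are written as `0.0.0.0/0` and `::/0`, an assumption about rule syntax, since a CIDR matcher needs a zero-length prefix to match every address:

```go
package main

import (
	"fmt"
	"net/netip"
)

// Rule is one entry of the ordered list: a CIDR mask plus its policy.
type Rule struct {
	Mask  netip.Prefix
	Allow bool // true = ALLOW, false = DENY
}

// Filters is checked top to bottom; the first matching rule decides.
type Filters []Rule

// Allowed returns the first matching rule's policy, or true when nothing matches (default allow).
func (f Filters) Allowed(addr string) (bool, error) {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return false, err // unparseable input is refused, never handed to the fallback
	}
	ip = ip.Unmap() // ::ffff:a.b.c.d is judged by the IPv4 rules, not only by ::/0
	for _, r := range f {
		if r.Mask.Contains(ip) {
			return r.Allow, nil
		}
	}
	return true, nil
}

// LANOnly is a constructed whitelist: one DENY exception, two ALLOW ranges, catch-all DENYs.
func LANOnly() Filters {
	rule := func(allow bool, cidr string) Rule {
		return Rule{Mask: netip.MustParsePrefix(cidr), Allow: allow}
	}
	return Filters{
		rule(false, "192.168.1.66/32"), // must precede the ALLOW that covers it
		rule(true, "192.168.1.0/24"),
		rule(true, "fd00::/8"),
		rule(false, "0.0.0.0/0"), // without these two, unmatched peers hit the allow fallback
		rule(false, "::/0"),
	}
}

func main() {
	fmt.Println(LANOnly().Allowed("::ffff:8.8.8.8"))
}
```

Because the fallback is allow, an empty list or one missing the final catch-all rules admits every peer; the whitelist only holds while both `/0` DENY rules are present.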

Yep that's right.

What would make it easier for people to contribute to things like this?
Have noticed a larger than usual ratio of issues to PRs on go-ipfs. Is the
code base too daunting?

On Tue, Nov 17, 2015 at 23:39 Kyra Zimmer wrote:

> @jbenet https://github.com/jbenet like iptables does it? sounds good.
> and relatively easy to implement. just add the allow/deny bool in the list
> of filters, and return that bool as soon as a filter matches. I'm pretty
> bad in golang, but pseudocode would be:
>
> foreach filters as filter
>   if filter.mask matches address
>     return filter.policy
> return true // fallback for no (or no matching) filters
>
> so e.g. a pure whitelist would be:
>
> ALLOW ip
> ALLOW ip
> ...
> DENY ::
> DENY 0.0.0.0
>
> (denying everything at the end and causing the return true fallback to be
> never reached)


In my desperation to cut down on bandwidth usage (see https://github.com/ipfs/go-ipfs/issues/2489) I have started blacklisting (swarm filters) ipfs nodes which seem to send/recv more than the average with my node.

A whitelist would probably be better, that way I can block everyone except for a handful of trusted nodes.

Please implement this. It's really important for gateways to be able to whitelist content.

Examples:

  • I want to mirror wikipedia, but I'm not interested in being a general ipfs gateway for everyone's content
  • I'm a university library that wants to be an ipfs gateway for any ipfs content that's in our collection but we explicitly don't want to serve anything else

In both cases, a blacklist doesn't cut it. You want to whitelist a small amount of hashes and decline all other requests.

Will https://github.com/libp2p/go-maddr-filter/pull/1 cover this for us?

@flyingzumwalt this is not content filter but connection filter.

Any movement on this? It would be very useful.

Not yet. This would require some support in libp2p that we don't currently have. See: https://github.com/libp2p/go-libp2p-net/issues/25#issuecomment-433382317.
