IP Filter

LogScale includes an IP-based access control list (ACL) for outgoing connections made by actions. This is to protect LogScale from being used to proxy requests into the same internal network as LogScale. It also protects against actions being used, for example, to send requests to ZooKeeper.

By default, this denies connections to any reserved IP address as defined by RFC 5735 and RFC 5156. This includes the standard ranges for internal networks. That means that, by default, LogScale won't be able to send messages from actions to other services on the same internal network.

The syntax of the ACL list is a sequence, separated by newlines or ;, of allow or deny actions, along with a CIDR block or all. An IP address is allowed or denied by finding the first match and applying the corresponding action. The all value matches any IP-address (i.e., IPv4 or IPv6).

Default ACL

If there is no match in the ACL list specified in the configuration parameter IP_FILTER_ACTIONS, the default ACL list will be applied. If that has no match either, the connection is allowed.

The default IP-based access control list (ACL) is as follows:

ini

# From https://tools.ietf.org/html/rfc5735
deny 0.0.0.0/8
deny 10.0.0.0/8
deny 127.0.0.0/8
deny 169.254.0.0/16
deny 172.16.0.0/12
deny 192.0.0.0/24
deny 192.0.2.0/24
deny 192.88.99.0/24
deny 192.168.0.0/16
deny 198.18.0.0/15
deny 198.51.100.0/24
deny 203.0.113.0/24
deny 224.0.0.0/4
deny 240.0.0.0/4
deny 255.255.255.255/32

# From https://tools.ietf.org/html/rfc5156
deny ::/128
deny ::1/128
deny fe80::/10
deny fc00::/7
deny ff00::/8

To get the previous behavior of allowing all IP addresses in actions, for example, you would set IP_FILTER_ACTIONS ini the configuration file like so:

ini

IP_FILTER_ACTIONS="allow all"

To allow only a particular IP address, say 192.168.0.16, but still keep other internal addresses blocked, you would change the configuration file to include something like this:

ini

IP_FILTER_ACTIONS="allow 192.168.0.16"

If you want to allow only the IP address, 192.168.0.16 and block all other IP addresses, you would set the IP_FILTER_ACTIONS variable in configuration file like this:

ini

IP_FILTER_ACTIONS="allow 192.168.0.16; deny all"

Falcon LogScale Self-Hosted 1.132.0-1.137.0 (Preview)

Self-Hosted Overview

Installing LogScale

Self-Hosted Admin.

Organization Essentials

Configuring Security

Authentication & Identity Providers

Users & Permissions

Cluster Management

Configuration Settings

Ingesting Data

LogScale Configuration Parameters

LogScale URLs & Endpoints

Limits & Standards

Data Analysis 1.132.0-1.137.0

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

IP Filter

Default ACL

Enter search term