Merge pull request #989 from slingamn/proxy_allowed_localhost

new recommended default: proxy allowed from localhost

conventional.yaml

@@ -134,10 +134,11 @@ server:
     motd-formatting: true
 
     # addresses/CIDRs the PROXY command can be used from
-    # this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason)
+    # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets),
-    # you should also add these addresses to the connection limits and throttling exemption lists
+    # unless you have a good reason. you should also add these addresses to the
+    # connection limits and throttling exemption lists.
     proxy-allowed-from:
-        # - localhost
+        - localhost
         # - "192.168.1.1"
         # - "192.168.10.1/24"
 

irc/server.go

@@ -601,6 +601,10 @@ func (server *Server) applyConfig(config *Config) (err error) {
 		newISupportReplies = oldConfig.Server.isupport.GetDifference(&config.Server.isupport)
 	}
 
+	if len(config.Server.ProxyAllowedFrom) != 0 {
+		server.logger.Info("server", "Proxied IPs will be accepted from", strings.Join(config.Server.ProxyAllowedFrom, ", "))
+	}
+
 	// we are now open for business
 	err = server.setupListeners(config)
 

oragono.yaml

@@ -155,10 +155,11 @@ server:
     motd-formatting: true
 
     # addresses/CIDRs the PROXY command can be used from
-    # this should be restricted to 127.0.0.1/8 and ::1/128 (unless you have a good reason)
+    # this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets),
-    # you should also add these addresses to the connection limits and throttling exemption lists
+    # unless you have a good reason. you should also add these addresses to the
+    # connection limits and throttling exemption lists.
     proxy-allowed-from:
-        # - localhost
+        - localhost
         # - "192.168.1.1"
         # - "192.168.10.1/24"