Added RPC portal whitelist function, allowing only local access by default to enhance security (#929)

easytier/src/easytier-core.rs

@@ -11,6 +11,7 @@ use std::{
 };
 
 use anyhow::Context;
+use cidr::IpCidr;
 use clap::Parser;
 
 use easytier::{
@@ -176,6 +177,14 @@ struct Cli {
     )]
     rpc_portal: Option<String>,
 
+    #[arg(
+        long,
+        env = "ET_RPC_PORTAL_WHITELIST",
+        value_delimiter = ',',
+        help = t!("core_clap.rpc_portal_whitelist").to_string(),
+    )]
+    rpc_portal_whitelist: Option<Vec<IpCidr>>,
+
     #[arg(
         short,
         long,
@@ -616,6 +625,8 @@ impl TryFrom<&Cli> for TomlConfigLoader {
         };
         cfg.set_rpc_portal(rpc_portal);
 
+        cfg.set_rpc_portal_whitelist(cli.rpc_portal_whitelist.clone());
+
         if let Some(external_nodes) = cli.external_node.as_ref() {
             let mut old_peers = cfg.get_peers();
             old_peers.push(PeerConfig {