From 08493871a53c95bfec76be7b98e8c6b4252f97a3 Mon Sep 17 00:00:00 2001
From: grossmj <grossmj@gns3.net>
Date: Thu, 15 Mar 2018 16:33:23 +0700
Subject: [PATCH] Restrict the list of available Ethernet/TAP adapters. Fixes
 #352.

---
 conf/gns3_server.conf                     | 3 +++
 gns3server/compute/builtin/nodes/cloud.py | 2 +-
 gns3server/utils/interfaces.py            | 8 ++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/conf/gns3_server.conf b/conf/gns3_server.conf
index e8e98431..5971376c 100644
--- a/conf/gns3_server.conf
+++ b/conf/gns3_server.conf
@@ -39,6 +39,9 @@ user = gns3
 ; Password for HTTP authentication.
 password = gns3
 
+; Only allow these interfaces to be used by GNS3, for the Cloud node for example (Linux/OSX only)
+allowed_interfaces = eth0,eth1
+
 [VPCS]
 ; VPCS executable location, default: search in PATH
 ;vpcs_path = vpcs
diff --git a/gns3server/compute/builtin/nodes/cloud.py b/gns3server/compute/builtin/nodes/cloud.py
index 1d87071a..fd428d73 100644
--- a/gns3server/compute/builtin/nodes/cloud.py
+++ b/gns3server/compute/builtin/nodes/cloud.py
@@ -110,7 +110,7 @@ class Cloud(BaseNode):
 
         if ports != self._ports_mapping:
             if len(self._nios) > 0:
-                raise NodeError("Can't modify a cloud that is already connected.")
+                raise NodeError("Cannot modify a cloud that is already connected.")
 
             port_number = 0
             for port in ports:
diff --git a/gns3server/utils/interfaces.py b/gns3server/utils/interfaces.py
index b185f0cb..541697b1 100644
--- a/gns3server/utils/interfaces.py
+++ b/gns3server/utils/interfaces.py
@@ -23,6 +23,8 @@ import socket
 import struct
 import psutil
 
+from gns3server.config import Config
+
 if psutil.version_info < (3, 0, 0):
     raise Exception("psutil version should >= 3.0.0. If you are under Ubuntu/Debian install gns3 via apt instead of pip")
 
@@ -198,8 +200,14 @@ def interfaces():
 
     results = []
     if not sys.platform.startswith("win"):
+        allowed_interfaces = Config.instance().get_section_config("Server").get("allowed_interfaces", None)
+        if allowed_interfaces:
+            allowed_interfaces = allowed_interfaces.split(',')
         net_if_addrs = psutil.net_if_addrs()
         for interface in sorted(net_if_addrs.keys()):
+            if allowed_interfaces and interface not in allowed_interfaces:
+                log.warning("Interface '{}' is not allowed to be used on this server".format(interface))
+                continue
             ip_address = ""
             mac_address = ""
             netmask = ""