You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When blocking is triggered — whether writing to the rules file or (once implemented) running iptables — there must be guards preventing users from accidentally blocking loopback, private network, or link-local addresses.
What's already handled:
classify_ip() in monitor.py correctly detects loopback (127.x.x.x), private ranges (10.x, 172.16-31.x, 192.168.x), and link-local using Python's ipaddress module
Connections to local IPs are shown as "Local" trust, visually distinct from blockable connections
What's missing:
block_ip_in_rules() has no guard — it will happily add 127.0.0.1 to the blocklist if called
The TUI block action (B key in tui.py) fires immediately with no confirmation prompt
Add a guard at the top of block_ip_in_rules() in monitor.py: if the IP is loopback, private, or link-local (reuse ipaddress logic), return early with an error message — never add it to the blocklist
In tui.py, add a simple confirmation prompt before the block action fires (e.g., a modal dialog or an "Are you sure? (y/n)" inline prompt)
It is impossible to block a local or loopback address through SilentGuard, regardless of how the block is triggered. The guard lives in monitor.py so both GUI and TUI inherit it automatically.
Notes
The ipaddress module is already imported in monitor.py — reuse that logic rather than duplicating regex patterns.
Overview
When blocking is triggered — whether writing to the rules file or (once implemented) running iptables — there must be guards preventing users from accidentally blocking loopback, private network, or link-local addresses.
What's already handled:
classify_ip()inmonitor.pycorrectly detects loopback (127.x.x.x), private ranges (10.x,172.16-31.x,192.168.x), and link-local using Python'sipaddressmoduleWhat's missing:
block_ip_in_rules()has no guard — it will happily add127.0.0.1to the blocklist if calledBkey intui.py) fires immediately with no confirmation promptapply_block()eitherWhat needs to be done
block_ip_in_rules()inmonitor.py: if the IP is loopback, private, or link-local (reuseipaddresslogic), return early with an error message — never add it to the blocklisttui.py, add a simple confirmation prompt before the block action fires (e.g., a modal dialog or an "Are you sure? (y/n)" inline prompt)apply_block()before running any iptables commandGoal
It is impossible to block a local or loopback address through SilentGuard, regardless of how the block is triggered. The guard lives in
monitor.pyso both GUI and TUI inherit it automatically.Notes
The
ipaddressmodule is already imported inmonitor.py— reuse that logic rather than duplicating regex patterns.