From 3e09132b99bc64d226ee6183c1755f4813a109a6 Mon Sep 17 00:00:00 2001
From: Colm Murphy <121356486@umail.ucc.ie>
Date: Fri, 1 Apr 2022 18:47:50 +0100
Subject: [PATCH 1/2] dont allow port mappings to internal ports 21, 23, 25, 53, 143
---
 ui/src/components/InstancesList.vue | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ui/src/components/InstancesList.vue b/ui/src/components/InstancesList.vue
index df28a51..1c5654c 100644
--- a/ui/src/components/InstancesList.vue
+++ b/ui/src/components/InstancesList.vue
@@ -809,6 +809,10 @@ export interface ConfirmCancelAction {
 const VHostValidation = new RegExp('^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$')
 const PortValidation = new RegExp('^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$')
+const portAllowed = (p: string) => {
+ const forbiddenPorts = ['21', '23', '25', '53', '143']
+ return !forbiddenPorts.includes((p))
+}
 export default Vue.extend({
 components: {
@@ -847,7 +851,8 @@ export default Vue.extend({
 portRules (): ((v: string) => (string | boolean))[] {
 return [
 (v: string) => !!v || 'Port required',
- (v: string) => PortValidation.test(v) || 'Port must be between 0 and 65355'
+ (v: string) => PortValidation.test(v) || 'Port must be between 0 and 65355',
+ (v: string) => portAllowed(v) || 'You should not create mappings to port ' + v
 ]
 },
From cb139f326a59200421014c9336ad545f3279901d Mon Sep 17 00:00:00 2001
From: Colm Murphy <121356486@umail.ucc.ie>
Date: Fri, 1 Apr 2022 19:04:46 +0100
Subject: [PATCH 2/2] backend validation for portmaps
---
 api/v1/providers/proxmox.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/v1/providers/proxmox.py b/api/v1/providers/proxmox.py
index 8f3504c..579e9eb 100644
--- a/api/v1/providers/proxmox.py
+++ b/api/v1/providers/proxmox.py
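Review bot: In `InstancesList.vue`, `portAllowed` (first hunk, `@@ -809`) compares the raw input string with string literals, so an input such as `0021` passes the denylist although it presumably denotes port 21 once parsed; `PortValidation` accepts it because its first alternative is `[0-9]{1,4}`. Compare numerically instead: `const forbiddenPorts = [21, 23, 25, 53, 143]` and `return !forbiddenPorts.includes(Number(p))`. The list could also live as a module-level constant beside `PortValidation`, with a comment such as `// internal ports users may not forward to (FTP, Telnet, SMTP, DNS, IMAP)`, and the doubled parentheses in `includes((p))` can go. This rule is a convenience for the user only; enforcement has to stay in the API check added by the second patch.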
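Review bot: In `InstancesList.vue`, the range message on the re-added line of `portRules` (second hunk, `@@ -847`) still reads `65355`, while `PortValidation` accepts values up to 65535; since the line is touched here it should become `'Port must be between 0 and 65535'`. The hunk does not show which form fields bind `portRules`: if the external-port field shares it, the denylist intended for internal ports would reject those numbers as external ports too, which the backend does not do. The new message is phrased as advice although the rule blocks submission; `'Mappings to internal port ' + v + ' are not allowed'` would match the behaviour.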
@@ -1524,10 +1524,13 @@ def add_instance_port(
 external: int,
 internal: int
 ):
+ forbidden_ports = [21, 23, 25, 53, 143]
 port_map = self.get_port_forward_map()
 if external in port_map:
 raise exceptions.resource.Unavailable(f"Cannot map port {external} to {internal}, this port is currently taken by another user/another one of your instances")
+ if internal in forbidden_ports:
+ raise exceptions.resource.Unavailable(f"Cannot map port {external} to {internal}, internal port forbidden")
 instance.metadata.network.ports[external] = internal
 self.write_out_instance_metadata(instance)
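Review bot: `forbidden_ports` is a second hand-written copy of the list in `InstancesList.vue`, declared as a local inside `add_instance_port`, so the two can drift apart and nothing records why these ports are blocked. Hoist it to a module-level constant, e.g. `FORBIDDEN_INTERNAL_PORTS = frozenset({21, 23, 25, 53, 143})`, with a comment stating the policy, and test `internal` before calling `self.get_port_forward_map()` so a rejected request does no lookup. The check guards only this entry point: mappings already stored in instance metadata, and any other code path that writes `network.ports`, are not visible in this hunk and may need the same validation. `Unavailable` describes a taken port well but reads oddly for a policy rejection; if the exceptions module has an invalid-input type, that would fit better. The start of the function's signature lies outside the hunk.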