Basic Network Permissioning¶
Basic Network Permissioning is a feature that controls which nodes can connect to a given node and also to which nodes the given node can dial out to. It is managed at the individual node level by providing the
--permissioned command line flag when starting the node.
--permissioned flag is set, the node looks for a file named
<data-dir>/permissioned-nodes.json . This file contains the whitelist of enodes that this node can connect to and accept connections from. Therefore, with permissioning enabled, only the nodes that are listed in the
permissioned-nodes.json file become part of the network. If the
--permissioned flag is specified but no nodes are added to the
permissioned-nodes.json file then this node can neither connect to any node nor accept any incoming connections.
permissioned-nodes.json file follows the below pattern, which is similar to the
<data-dir>/static-nodes.json file that is used to specify the list of static nodes a given node always connects to:
[ "enode://remoteky1@ip1:port1", "enode://remoteky1@ip2:port2", "enode://remoteky1@ip3:port3", ]
Sample file: (node id truncated for clarity)
[ "enode://email@example.com:30300", ]
Every node has its own copy of the
permissioned-nodes.json file. If different nodes have different lists of remote keys, then each node may have a different list of permissioned nodes which may have an adverse effect on the network.