docs: update no-macaroons option in macaroon

2025-08-30 07:35:07 +02:00 · 2020-07-21 18:12:13 +08:00
parent 3a3b5413b9
commit 86d5facaa2
2 changed files with 9 additions and 2 deletions
--- a/docs/macaroons.md
+++ b/docs/macaroons.md
@@ -81,7 +81,14 @@ methods. This means a few important things:
 You can also run `lnd` with the `--no-macaroons` option, which skips the
 creation of the macaroon files and all macaroon checks within the RPC server.
 This means you can still pass a macaroon to the RPC server with a client, but
-it won't be checked for validity.
+it won't be checked for validity. Note that disabling authentication of a server
+that's listening on a public interface is not allowed. This means the
+`--no-macaroons` option is only permitted when the RPC server is in a private
+network. In CIDR notation, the following IPs are considered private,
+- [`169.254.0.0/16` and `fe80::/10`](https://en.wikipedia.org/wiki/Link-local_address).
+- [`224.0.0.0/4` and `ff00::/8`](https://en.wikipedia.org/wiki/Multicast_address).
+- [`10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`](https://tools.ietf.org/html/rfc1918).
+- [`fc00::/7`](https://tools.ietf.org/html/rfc4193).

 Since `lnd` requires macaroons by default in order to call RPC methods, `lncli`
 now reads a macaroon and provides it in the RPC call. Unless the path is