Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/acl for forward #1305

Merged
merged 96 commits into from
Dec 8, 2023
Merged

Fix/acl for forward #1305

merged 96 commits into from
Dec 8, 2023

Conversation

pappz
Copy link
Contributor

@pappz pappz commented Nov 13, 2023
edited
Loading

Describe your changes

Enforce the ACL rules for routed traffic.

Because under the hood the firewall rules depend from the route rules the two logic has been merged into the firewall package.

  • fix cleanup routine in iptables and nftables
  • refactor the nftables/iptables logic. (start to use prerouting and mangle table)
  • remove IPv6 related codes because it is unused
  • remove unused codes, variables, structures

Issue ticket number and link

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary

pappz added 30 commits November 30, 2023 09:49
@pappz
Replace input, output to pre-post-routing
7ac3f98
@pappz
Set chain type to nat
393bc37
@pappz
Revert change and remove IPv6
2700f7e
@pappz
Refactor input/output logic
d2efff1
@pappz
Rename tables and chains
57019dd
@pappz
Fix interface names in fwd chain
a1864dd
@pappz
Simplify the table check
820c72d
@pappz
Error handling
227017b
@pappz
Restriction for NetBird address in fwd chain
2202237
@pappz
Try to fix fwd policy
12c8de7
@pappz
Try to fix forward-forward pair
201a5c2
@pappz
Remove ipv6 related codes from fw, acl, route mgr
4cd0aad
@pappz
Move fw check to firewall pkg
d4014da
@pappz
Refactor acl and routemanager packages
156e84e 
Move iptables, netfilter related code from acl
and routemanager packages to the common firewall
package.
@pappz
Implement clean up for nftable
aa09658
@pappz
Handle allow list for route rules
a5a1de3
@pappz
Delete garbage forward rules
736f37d
@pappz
Fix acl test
5d53ea2
@pappz
Remove comment
e1b420e
@pappz
Apply router chains in acl accept chain
7d2fc4e
@pappz
Simplify jump rules
e5b8f9c
@pappz
Refactor manager_linux.go
dbdd7ec 
Move ACL related codes to a file
@pappz
Fix port flush
a76c46f
@pappz
Fix route delete operation
ab2bfe9
@pappz
Remove ipv6 calculation
50f13d0
@pappz
Fix ipset usage
192cd69
@pappz
Add prerouting, mangle filter
7f76e3e
@pappz
Fix icmp handling
337aeb3
@pappz
Add fwd allow
2f60d94
@pappz
Fix filter table cleanup
7f03ca6
@pappz pappz force-pushed the fix/acl-for-forward branch from efc27ac to 956d1b8 Compare December 4, 2023 16:11
@pappz pappz marked this pull request as ready for review December 6, 2023 10:39
mlsmaycon
mlsmaycon requested changes Dec 7, 2023
View reviewed changes
client/firewall/iptables/acl_linux.go Outdated Show resolved Hide resolved
client/firewall/iptables/acl_linux.go Outdated Show resolved Hide resolved
client/firewall/iptables/acl_linux.go Outdated Show resolved Hide resolved
@pappz
Fix
5efc565 
- typo fix
- use firewall mark as constant in iptables
@pappz pappz merged commit 006ba32 into main Dec 8, 2023
14 checks passed
@pappz pappz deleted the fix/acl-for-forward branch December 8, 2023 09:48
@Fantu Fantu mentioned this pull request Dec 10, 2023
Open
pulsastrix pushed a commit to pulsastrix/netbird that referenced this pull request Dec 24, 2023
@pappz
Fix/acl for forward (netbirdio#1305)
3818e44 
Fix ACL on routed traffic and code refactor
@pappz pappz mentioned this pull request Feb 6, 2024
Open
Foosec pushed a commit to Foosec/netbird that referenced this pull request May 8, 2024
@pappz
Fix/acl for forward (netbirdio#1305)
078b49c 
Fix ACL on routed traffic and code refactor
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mlsmaycon mlsmaycon mlsmaycon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pappz @mlsmaycon