[management, client] Add access control support to network routes #2100
* extends route with access control groups
* add support for creating and updating routes with access control groups
* Add access control groups to routes API request and response
* fix tests
* fix tests
Any ETA on when this will be merged??

I would like to know as well..😅

@roney492 @fdisamuel This PR is one of our top priorities. Soon it will be merged, give us a couple of weeks :)

Hey @braginini thank you for your answer, we are looking forward to it :D
# Conflicts:
#   management/server/account.go
#   management/server/http/api/openapi.yml
#   management/server/http/routes_handler.go
#   management/server/http/routes_handler_test.go
#   management/server/mock_server/account_mock.go
#   management/server/route.go
#   management/server/route_test.go
#   route/route.go
9d2f6af to f1817f3
* extends route with access control groups
* add support for creating and updating routes with access control groups
* Add access control groups to routes API request and response
* fix tests
* fix tests
* Add network map processing for routed networks
* Refactor FirewallRule message and add RouteFirewallRule
* Refactor enum and field names in management proto files
* Refactor firewall rules and add route firewall rules
* Add firewall rules for routed networks
* Refactor enums and remove redundant code
* fix lint errors
* Move getAllRoutePoliciesFromGroups function to route.go
* Add tests for account peers routes firewall
* Add support for port range in policy rules
* Implement port range support in firewall rules
* fix tests
* Fix sonarcloud
* Refactor
* Replace PeerIP with SourceRange in RouteFirewallRule.
* Add CIDR notation to source range
* fix sonarlint
* Fix merge
* Add dynamic routing capabilities and allow all traffic for routes with no acl
# Conflicts:
#   management/server/account.go
#   management/server/http/policies_handler.go
#   management/server/http/routes_handler.go
#   management/server/http/routes_handler_test.go
#   management/server/mock_server/account_mock.go
#   management/server/route.go
#   management/server/route_test.go
Quality Gate failed. See analysis details on SonarCloud.
Any update on this??
…2398)
* Add route ACLs
* Simplify createContainers
* Fix test
* Fix mgmt test
* Fix cycle
* Fix lints and remove obsolete code
* Fix typo
* Update firewall rules to support multiple source ranges

---------

Co-authored-by: Viktor Liu <viktor@netbird.io>
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
…ted (#2408)
* Remove outbound rules
* Add permissive legacy routing rules if the management server is outdated
* Add established rules to in/output chains to allow route client return traffic
* Remove obsolete iif/oif in inner input/output chain rules
* Fix route rule and nat rule removal
* Remove dst ip subnet in iptables output chain to align with nftables
# Conflicts:
#   management/server/account.go
#   management/server/grpcserver.go
#   management/server/route.go
8090502 to 43e1854
Any update on this?

Not sure if I understand this feature request correctly. Is it meant to access a remote network computer (w/o netbird client) via IP from a computer (w/o netbird client) from a local network? I manage two networks with each having one netbird peer online. I want to use these peers to route traffic forward to both LANs. Network routes are properly set on both local routes, but I cannot reach the other side.

@pernetz This feature is under review and testing now and should not affect your clients at this time. Can you please open a GitHub issue with the problem?
- Handle mgmt server handing out sources instead of single source
- Adds ipset to iptables and sets for nftables when len(sources) > 1
- Make refcounter more generic for that purpose
Quality Gate passed