Squash firewall rules by protocoll if they affects all peers (#921)

Givi Khojanashvili
2023-06-02 10:14:47 +04:00
committed by GitHub
parent 1939973c2e
commit 4cd9ccb493
3 changed files with 337 additions and 48 deletions


@ -637,13 +637,7 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
}
if e.acl != nil {
// if we got empty rules list but management not set networkMap.FirewallRulesIsEmpty flag
// we have old version of management without rules handling, we should allow all traffic
allowByDefault := len(networkMap.FirewallRules) == 0 && !networkMap.FirewallRulesIsEmpty
if allowByDefault {
log.Warn("this peer is connected to a NetBird Management service with an older version. Allowing all traffic from connected peers")
}
e.acl.ApplyFiltering(networkMap.FirewallRules, allowByDefault)
e.acl.ApplyFiltering(networkMap)
}
e.networkSerial = serial
return nil
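Review bot: The fail-open decision is no longer visible at this call site. With `e.acl.ApplyFiltering(networkMap)`, the choice to allow all traffic when `FirewallRules` is empty and `FirewallRulesIsEmpty` is unset is presumably made inside ApplyFiltering, which this hunk does not show. Because that branch turns filtering off, confirm the callee still separates "management sent an explicitly empty rule set" from "old management without rule support" and still logs the warning, and leave a pointer here such as `// ApplyFiltering falls back to allow-all only for management servers that predate FirewallRulesIsEmpty`. The call also reports nothing back to this function as written, so `e.networkSerial = serial` is recorded even if applying the rules fails; if ApplyFiltering can fail, surfacing that would keep the peer from treating a stale rule set as current. updateNetworkMap begins before the hunk, so earlier handling of `networkMap` is not visible here.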