From 5e62e7e7496bb4ee5bf389c0a1bb5684629ec089 Mon Sep 17 00:00:00 2001
From: abhishek9686 
Date: Mon, 28 Oct 2024 10:53:12 +0400
Subject: [PATCH] check default user policy

---
 logic/extpeers.go | 43 ++++++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/logic/extpeers.go b/logic/extpeers.go
index 305b449a..0e1a7096 100644
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -426,7 +426,7 @@ func GetStaticNodeIps(node models.Node) (ips []net.IP) {
 
 func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 // fetch user access to static clients via policies
- //defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
+ defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 nodes, _ := GetNetworkNodes(node.Network)
 nodes = append(nodes, GetStaticNodesByNetwork(models.NetworkID(node.Network), true)...)
@@ -438,18 +438,16 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 if peer.IsUserNode {
 continue
 }
-
 if IsUserAllowedToCommunicate(userNodeI.StaticNode.OwnerID, peer) {
 if peer.IsStatic {
-
 if userNodeI.StaticNode.Address != "" {
-
- rules = append(rules, models.FwRule{
- SrcIp: userNodeI.StaticNode.AddressIPNet4().IP,
- DstIP: peer.StaticNode.AddressIPNet4().IP,
- Allow: true,
- })
-
+ if !defaultUserPolicy.Enabled {
+ rules = append(rules, models.FwRule{
+ SrcIp: userNodeI.StaticNode.AddressIPNet4().IP,
+ DstIP: peer.StaticNode.AddressIPNet4().IP,
+ Allow: true,
+ })
+ }
 rules = append(rules, models.FwRule{
 SrcIp: peer.StaticNode.AddressIPNet4().IP,
 DstIP: userNodeI.StaticNode.AddressIPNet4().IP,
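Review bot: The error returned by `GetDefaultPolicy` is discarded on the newly uncommented `defaultUserPolicy, _ :=` line, so a failed lookup leaves `defaultUserPolicy` at its zero value with `Enabled == false`, and the guards added in the later hunks then emit the explicit user-to-peer allow rules exactly as if no default policy existed. Because this function's result decides which flows the ingress gateway permits, the policy lookup should not fail silently: `defaultUserPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)` followed by `if err != nil { return }` (returning no rules), or at minimum a logged error before continuing, makes the outcome deliberate rather than accidental. The same discard on the `defaultDevicePolicy` line is pre-existing but has the same effect. The body of GetFwRulesOnIngressGateway continues past this hunk.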
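Review bot: The new `if !defaultUserPolicy.Enabled` guard carries no comment explaining why the user-to-peer rule is skipped when the default user policy is enabled while the peer-to-user rule on the following lines is still appended unconditionally, so a reader cannot tell whether the asymmetry is intended or whether the enabled default policy is expected to already cover that direction. Suggest a comment above the guard such as `// With the default user policy enabled the user -> peer direction is already permitted by the default rule; only the return path needs an explicit allow.`, adjusted to the actual intent. The same guard is repeated verbatim in the two following hunks (IPv6 static peer and IPv4 non-static peer); evaluating it once above the loop, e.g. `skipUserToPeer := defaultUserPolicy.Enabled`, and commenting it there would document the decision in one place. The enclosing loops and the function itself start and end outside this hunk.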
@@ -457,12 +455,13 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 })
 }
 if userNodeI.StaticNode.Address6 != "" {
-
- rules = append(rules, models.FwRule{
- SrcIp: userNodeI.StaticNode.AddressIPNet6().IP,
- DstIP: peer.StaticNode.AddressIPNet6().IP,
- Allow: true,
- })
+ if !defaultUserPolicy.Enabled {
+ rules = append(rules, models.FwRule{
+ SrcIp: userNodeI.StaticNode.AddressIPNet6().IP,
+ DstIP: peer.StaticNode.AddressIPNet6().IP,
+ Allow: true,
+ })
+ }
 
 rules = append(rules, models.FwRule{
 SrcIp: peer.StaticNode.AddressIPNet6().IP,
@@ -473,11 +472,13 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 
 } else {
 if userNodeI.StaticNode.Address != "" {
- rules = append(rules, models.FwRule{
- SrcIp: userNodeI.StaticNode.AddressIPNet4().IP,
- DstIP: peer.Address.IP,
- Allow: true,
- })
+ if !defaultUserPolicy.Enabled {
+ rules = append(rules, models.FwRule{
+ SrcIp: userNodeI.StaticNode.AddressIPNet4().IP,
+ DstIP: peer.Address.IP,
+ Allow: true,
+ })
+ }
 }
 if userNodeI.StaticNode.Address6 != "" {
 
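Review bot: In the non-static branch of the last hunk, the guarded append is the only rule emitted inside `if userNodeI.StaticNode.Address != ""`, so with the default user policy enabled this peer gets no explicit IPv4 rule in either direction, whereas the static branch in the earlier hunks still keeps the peer-to-user rule. If the default policy is meant to cover both directions for non-static peers this is fine, but the difference from the static branch is not visible from the code and deserves a one-line comment, e.g. `// non-static peers get no return-path rule here; the enabled default user policy is expected to cover it`, or a check that this really is the intent. The function continues outside this hunk.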