fix ingress firewall updates
This commit is contained in:
parent
148c1fdc8f
commit
6c52b68214
3 changed files with 19 additions and 2 deletions
|
@ -452,6 +452,7 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
|
|||
extclient.OwnerID = userName
|
||||
extclient.RemoteAccessClientID = customExtClient.RemoteAccessClientID
|
||||
extclient.IngressGatewayID = nodeid
|
||||
extclient.Network = node.Network
|
||||
extclient.Tags = make(map[models.TagID]struct{})
|
||||
extclient.Tags[models.TagID(fmt.Sprintf("%s.%s", extclient.Network,
|
||||
models.RemoteAccessTagName))] = struct{}{}
|
||||
|
@ -459,8 +460,6 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
|
|||
if (extclient.DNS == "") && (node.IngressDNS != "") {
|
||||
extclient.DNS = node.IngressDNS
|
||||
}
|
||||
|
||||
extclient.Network = node.Network
|
||||
host, err := logic.GetHost(node.HostID.String())
|
||||
if err != nil {
|
||||
logger.Log(0, r.Header.Get("user"),
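Review bot: The `TagID` built at the end of the first hunk (`fmt.Sprintf("%s.%s", extclient.Network, models.RemoteAccessTagName)`) depends on `extclient.Network = node.Network` having run on the line just above it; the ordering is now correct, but nothing says so, and the second hunk shows the assignment used to sit after the tag was derived, which presumably produced a tag keyed on an empty network name. A comment above the moved line, `// Network must be set before the remote-access tag below is derived from it.`, would stop the next reorder from reintroducing the bug. Separately, `extclient.Tags = make(map[models.TagID]struct{})` discards any tags the caller may have supplied on `customExtClient`; if that is deliberate (ingress clients only ever get the server-assigned tag) a one-line comment would make the policy explicit. createExtClient begins before the first hunk and continues past the second.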
|
||||
|
|
|
@ -445,6 +445,9 @@ func IsUserAllowedToCommunicate(userName string, peer models.Node) bool {
|
|||
if err != nil {
|
||||
return false
|
||||
}
|
||||
if peer.IsStatic {
|
||||
peer = peer.StaticNode.ConvertToStaticNode()
|
||||
}
|
||||
policies := listPoliciesOfUser(*user, models.NetworkID(peer.Network))
|
||||
for _, policy := range policies {
|
||||
if !policy.Enabled {
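Review bot: The new normalisation `peer = peer.StaticNode.ConvertToStaticNode()` carries no explanation of why it must happen before the policy lookup, and a reader cannot see from here that `listPoliciesOfUser` is keyed on `peer.Network`, which for an ext client presumably lives in `StaticNode` rather than on the outer node. Suggest `// ext clients keep their node data in StaticNode; normalise so Network and addresses read by the policy checks below are populated.` above the `if peer.IsStatic` block. If ConvertToStaticNode can return an empty Network for a misconfigured client, the lookup uses an empty NetworkID and the user is denied, which fails closed but silently; worth confirming and perhaps logging. IsUserAllowedToCommunicate begins before and ends after this hunk.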
|
||||
|
|
|
@ -428,6 +428,11 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
|
|||
DstIP: extclient.StaticNode.AddressIPNet4().IP,
|
||||
Allow: true,
|
||||
})
|
||||
rules = append(rules, models.FwRule{
|
||||
SrcIp: extclient.StaticNode.AddressIPNet4().IP,
|
||||
DstIP: userNodeI.StaticNode.AddressIPNet4().IP,
|
||||
Allow: true,
|
||||
})
|
||||
}
|
||||
if userNodeI.StaticNode.Address6 != "" {
|
||||
rules = append(rules, models.FwRule{
|
||||
|
@ -435,6 +440,11 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
|
|||
DstIP: extclient.StaticNode.AddressIPNet6().IP,
|
||||
Allow: true,
|
||||
})
|
||||
rules = append(rules, models.FwRule{
|
||||
SrcIp: extclient.StaticNode.AddressIPNet6().IP,
|
||||
DstIP: userNodeI.StaticNode.AddressIPNet6().IP,
|
||||
Allow: true,
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -442,17 +452,22 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
|
|||
|
||||
for _, extclientI := range extclients {
|
||||
for _, extclient := range extclients {
|
||||
if extclient.StaticNode.ClientID == extclientI.StaticNode.ClientID {
|
||||
continue
|
||||
}
|
||||
if IsNodeAllowedToCommunicate(extclientI, extclient) {
|
||||
if extclientI.StaticNode.Address != "" {
|
||||
rules = append(rules, models.FwRule{
|
||||
SrcIp: extclientI.StaticNode.AddressIPNet4().IP,
|
||||
DstIP: extclient.StaticNode.AddressIPNet4().IP,
|
||||
Allow: true,
|
||||
})
|
||||
}
|
||||
if extclientI.StaticNode.Address6 != "" {
|
||||
rules = append(rules, models.FwRule{
|
||||
SrcIp: extclientI.StaticNode.AddressIPNet6().IP,
|
||||
DstIP: extclient.StaticNode.AddressIPNet6().IP,
|
||||
Allow: true,
|
||||
})
|
||||
}
|
||||
}
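Review bot: In the last hunk the guards `if extclientI.StaticNode.Address != ""` and `if extclientI.StaticNode.Address6 != ""` check only the source client, yet each rule also reads `extclient.StaticNode.AddressIPNet4().IP` / `AddressIPNet6().IP` from the destination, so a peer with no address in that family yields a rule whose DstIP is whatever those helpers return for an empty string (likely nil), which the firewall layer may either reject or render as a wildcard. Guard both ends: `if extclientI.StaticNode.Address != "" && extclient.StaticNode.Address != "" {` and `if extclientI.StaticNode.Address6 != "" && extclient.StaticNode.Address6 != "" {`. The same one-sided pattern governs the IPv6 user-to-client pair earlier in this file, whose guard checks only `userNodeI.StaticNode.Address6`. Note also that the reverse rules added in the first two hunks make every user-to-client allow bidirectional; if ACL policies are meant to be directional this widens access and deserves a comment stating that return traffic is intentionally permitted. GetFwRulesOnIngressGateway begins before and ends after these hunks.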
|
||||
|
|