fix ipv6 addr rules on gw node
This commit is contained in:
parent
6e1b16a6ea
commit
8f370a74a9
1 changed files with 60 additions and 24 deletions
|
|
@ -459,6 +459,7 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
|
||||||
|
|
||||||
for _, policy := range allowedPolicies {
|
for _, policy := range allowedPolicies {
|
||||||
// if static peer dst rule not for ingress node -> skip
|
// if static peer dst rule not for ingress node -> skip
|
||||||
|
if node.Address.IP != nil {
|
||||||
rules = append(rules, models.FwRule{
|
rules = append(rules, models.FwRule{
|
||||||
SrcIP: net.IPNet{
|
SrcIP: net.IPNet{
|
||||||
IP: node.Address.IP,
|
IP: node.Address.IP,
|
||||||
|
|
@ -472,7 +473,25 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
|
||||||
AllowedPorts: policy.Port,
|
AllowedPorts: policy.Port,
|
||||||
Allow: true,
|
Allow: true,
|
||||||
})
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
if node.Address6.IP != nil {
|
||||||
|
rules = append(rules, models.FwRule{
|
||||||
|
SrcIP: net.IPNet{
|
||||||
|
IP: node.Address6.IP,
|
||||||
|
Mask: net.CIDRMask(128, 128),
|
||||||
|
},
|
||||||
|
DstIP: net.IPNet{
|
||||||
|
IP: peer.Address6.IP,
|
||||||
|
Mask: net.CIDRMask(128, 128),
|
||||||
|
},
|
||||||
|
AllowedProtocol: policy.Proto,
|
||||||
|
AllowedPorts: policy.Port,
|
||||||
|
Allow: true,
|
||||||
|
})
|
||||||
|
}
|
||||||
if policy.AllowedDirection == models.TrafficDirectionBi {
|
if policy.AllowedDirection == models.TrafficDirectionBi {
|
||||||
|
if node.Address.IP != nil {
|
||||||
rules = append(rules, models.FwRule{
|
rules = append(rules, models.FwRule{
|
||||||
SrcIP: net.IPNet{
|
SrcIP: net.IPNet{
|
||||||
IP: peer.Address.IP,
|
IP: peer.Address.IP,
|
||||||
|
|
@ -487,13 +506,30 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
|
||||||
Allow: true,
|
Allow: true,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if node.Address6.IP != nil {
|
||||||
|
rules = append(rules, models.FwRule{
|
||||||
|
SrcIP: net.IPNet{
|
||||||
|
IP: peer.Address6.IP,
|
||||||
|
Mask: net.CIDRMask(128, 128),
|
||||||
|
},
|
||||||
|
DstIP: net.IPNet{
|
||||||
|
IP: node.Address6.IP,
|
||||||
|
Mask: net.CIDRMask(128, 128),
|
||||||
|
},
|
||||||
|
AllowedProtocol: policy.Proto,
|
||||||
|
AllowedPorts: policy.Port,
|
||||||
|
Allow: true,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
if len(node.StaticNode.ExtraAllowedIPs) > 0 {
|
if len(node.StaticNode.ExtraAllowedIPs) > 0 {
|
||||||
for _, additionalAllowedIPNet := range node.StaticNode.ExtraAllowedIPs {
|
for _, additionalAllowedIPNet := range node.StaticNode.ExtraAllowedIPs {
|
||||||
_, ipNet, err := net.ParseCIDR(additionalAllowedIPNet)
|
_, ipNet, err := net.ParseCIDR(additionalAllowedIPNet)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if ipNet.IP.To4() != nil {
|
if ipNet.IP.To4() != nil && peer.Address.IP != nil {
|
||||||
rules = append(rules, models.FwRule{
|
rules = append(rules, models.FwRule{
|
||||||
SrcIP: net.IPNet{
|
SrcIP: net.IPNet{
|
||||||
IP: peer.Address.IP,
|
IP: peer.Address.IP,
|
||||||
|
|
@ -502,11 +538,11 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
|
||||||
DstIP: *ipNet,
|
DstIP: *ipNet,
|
||||||
Allow: true,
|
Allow: true,
|
||||||
})
|
})
|
||||||
} else {
|
} else if peer.Address6.IP != nil {
|
||||||
rules = append(rules, models.FwRule{
|
rules = append(rules, models.FwRule{
|
||||||
SrcIP: net.IPNet{
|
SrcIP: net.IPNet{
|
||||||
IP: peer.Address.IP,
|
IP: peer.Address6.IP,
|
||||||
Mask: net.CIDRMask(32, 32),
|
Mask: net.CIDRMask(128, 128),
|
||||||
},
|
},
|
||||||
DstIP: *ipNet,
|
DstIP: *ipNet,
|
||||||
Allow: true,
|
Allow: true,
|
||||||
|
|
@ -522,7 +558,7 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if ipNet.IP.To4() != nil {
|
if ipNet.IP.To4() != nil && node.Address.IP != nil {
|
||||||
rules = append(rules, models.FwRule{
|
rules = append(rules, models.FwRule{
|
||||||
SrcIP: net.IPNet{
|
SrcIP: net.IPNet{
|
||||||
IP: node.Address.IP,
|
IP: node.Address.IP,
|
||||||
|
|
@ -531,11 +567,11 @@ func getFwRulesForNodeAndPeerOnGw(node, peer models.Node, allowedPolicies []mode
|
||||||
DstIP: *ipNet,
|
DstIP: *ipNet,
|
||||||
Allow: true,
|
Allow: true,
|
||||||
})
|
})
|
||||||
} else {
|
} else if node.Address6.IP != nil {
|
||||||
rules = append(rules, models.FwRule{
|
rules = append(rules, models.FwRule{
|
||||||
SrcIP: net.IPNet{
|
SrcIP: net.IPNet{
|
||||||
IP: node.Address.IP,
|
IP: node.Address6.IP,
|
||||||
Mask: net.CIDRMask(32, 32),
|
Mask: net.CIDRMask(128, 128),
|
||||||
},
|
},
|
||||||
DstIP: *ipNet,
|
DstIP: *ipNet,
|
||||||
Allow: true,
|
Allow: true,
|
||||||
|
|
|
||||||
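Review bot: The guards added in the first three hunks, `if node.Address.IP != nil {` and `if node.Address6.IP != nil {`, check only the node's side, while each rule they wrap also reads the peer's address (`peer.Address6.IP` as DstIP in the first IPv6 block, `peer.Address.IP` / `peer.Address6.IP` as SrcIP in the TrafficDirectionBi block). A peer with no address of that family — which the ExtraAllowedIPs hunks further down already anticipate with `&& peer.Address.IP != nil` and `else if peer.Address6.IP != nil` — yields an FwRule whose SrcIP or DstIP carries a nil IP under a /32 or /128 mask; how the firewall backend renders such a rule is not visible here, but an empty endpoint risks either a rejected rule or one that matches more broadly than the policy intends. Checking both ends, `if node.Address.IP != nil && peer.Address.IP != nil {` and `if node.Address6.IP != nil && peer.Address6.IP != nil {`, keeps these blocks consistent with the guards the commit adds in the ExtraAllowedIPs loops. getFwRulesForNodeAndPeerOnGw starts before the first hunk and continues past the last one.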