gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-07 21:54:54 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix static node ingress rules

Browse source
This commit is contained in:
abhishek9686 2025-02-19 00:52:40 +04:00
parent 8536f0eeb9
commit 98606bc2dc
1 changed files with 23 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
logic/acls.go
View file

@ -863,20 +863,33 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
}
srcMap = convAclTagToValueMap(policy.Src)
dstMap = convAclTagToValueMap(policy.Dst)
_, srcAll := srcMap["*"]
_, dstAll := dstMap["*"]
if policy.AllowedDirection == models.TrafficDirectionBi {
if _, ok := srcMap[node.ID.String()]; ok {
allowedPolicies = append(allowedPolicies, policy)
break
if _, ok := srcMap[nodeId]; ok || srcAll {
if _, ok := dstMap[peerId]; ok || dstAll {
allowedPolicies = append(allowedPolicies, policy)
continue
}
}
if _, ok := dstMap[nodeId]; ok || dstAll {
if _, ok := srcMap[peerId]; ok || srcAll {
allowedPolicies = append(allowedPolicies, policy)
continue
}
}
}
if _, ok := dstMap[node.ID.String()]; ok {
allowedPolicies = append(allowedPolicies, policy)
break
if _, ok := dstMap[nodeId]; ok || dstAll {
if _, ok := srcMap[peerId]; ok || srcAll {
allowedPolicies = append(allowedPolicies, policy)
continue
}
}
for tagID := range nodeTags {
allowed := false
if _, ok := dstMap[tagID.String()]; policy.AllowedDirection == models.TrafficDirectionBi && ok {
if _, ok := srcMap["*"]; ok {
if srcAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
@ -893,7 +906,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
break
}
if _, ok := srcMap[tagID.String()]; ok {
if _, ok := dstMap["*"]; ok {
if dstAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
@ -913,7 +926,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
for tagID := range peerTags {
allowed := false
if _, ok := dstMap[tagID.String()]; ok {
if _, ok := srcMap["*"]; ok {
if srcAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break
@ -932,7 +945,7 @@ func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool)
}
if _, ok := srcMap[tagID.String()]; policy.AllowedDirection == models.TrafficDirectionBi && ok {
if _, ok := dstMap["*"]; ok {
if dstAll {
allowed = true
allowedPolicies = append(allowedPolicies, policy)
break