NET-2061: Fix egress user policies (#3484)

* revert inet gws from acl policies * add egress range with metric for inet gw * link pro inet funcs * fix extclient comms with users * remove TODO comments * add backwards compatibility to egress ranges * remove all resources check * remove device policy check on pro
2025-09-08 14:15:25 +08:00 · 2025-06-06 07:36:49 +05:30 · 2025-06-06 07:36:49 +05:30 · fdc8ea4320
commit fdc8ea4320
parent fcc558e792
2 changed files with 2 additions and 3 deletions
--- a/logic/peers.go
+++ b/logic/peers.go
@ -207,8 +207,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 		defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 		defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 		if (defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled) ||
-			(!CheckIfAnyPolicyisUniDirectional(node, acls) && !CheckIfAnyActiveEgressPolicy(node, acls)) ||
-			CheckIfNodeHasAccessToAllResources(&node, acls) {
+			(!CheckIfAnyPolicyisUniDirectional(node, acls) && !CheckIfAnyActiveEgressPolicy(node, acls)) {
 			aclRule := models.AclRule{
 				ID:              fmt.Sprintf("%s-allowed-network-rules", node.ID.String()),
 				AllowedProtocol: models.ALL,
--- a/pro/logic/acls.go
+++ b/pro/logic/acls.go
@ -1153,7 +1153,7 @@ func CheckIfAnyActiveEgressPolicy(targetNode models.Node, acls []models.Acl) boo
 	targetNodeTags[models.TagID(targetNode.ID.String())] = struct{}{}
 	targetNodeTags["*"] = struct{}{}
 	for _, acl := range acls {
-		if !acl.Enabled || acl.RuleType != models.DevicePolicy {
+		if !acl.Enabled {
 			continue
 		}
 		srcTags := logic.ConvAclTagToValueMap(acl.Src)