mirror of
https://github.com/slackhq/nebula.git
synced 2024-09-20 14:56:12 +08:00
Fix "any" firewall rules for unsafe_routes (#1099)
parent
f8fb9759e9
commit
8b68a08723
@ -876,13 +876,15 @@ func (fr *FirewallRule) match(p firewall.Packet, c *cert.NebulaCertificate) bool
}
func (flc *firewallLocalCIDR) addRule(f *Firewall, localIp *net.IPNet) error {
if localIp == nil || (localIp != nil && localIp.Contains(net.IPv4(0, 0, 0, 0))) {
if localIp == nil {
if !f.hasSubnets || f.defaultLocalCIDRAny {
flc.Any = true
return nil
}
localIp = f.assignedCIDR
} else if localIp.Contains(net.IPv4(0, 0, 0, 0)) {
flc.Any = true
}
flc.LocalCIDR.AddCIDR(localIp, struct{}{})
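Review bot: The new `else if localIp.Contains(net.IPv4(0, 0, 0, 0))` branch sets `flc.Any = true` for every prefix that merely contains 0.0.0.0, so a rule written with a narrower range (for example `0.0.0.0/8`) would presumably be treated as "any" instead of the range the operator configured; this assumes `Any` short-circuits the CIDR lookup in the matcher, which is not visible in this hunk. Because this sits on a firewall allow path, the wildcard should be recognised only for a zero-length prefix, e.g. `} else if ones, bits := localIp.Mask.Size(); ones == 0 && bits != 0 {`. A table test covering `nil`, `0.0.0.0/0` and a non-zero prefix that contains 0.0.0.0, each with and without `f.hasSubnets`, would pin the intended behaviour for unsafe_routes hosts. addRule's body continues past the end of the hunk.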