

Fix "any" firewall rules for unsafe_routes
johnmaguire committed Mar 28, 2024
1 parent 19b0969 commit 510f409
Showing 1 changed file with 3 additions and 1 deletion.
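--- a/firewall.go
+++ b/firewall.go
@@ -876,13 +876,15 @@ func (fr *FirewallRule) match(p firewall.Packet, c *cert.NebulaCertificate) bool
 }
 
 func (flc *firewallLocalCIDR) addRule(f *Firewall, localIp *net.IPNet) error {
-if localIp == nil || (localIp != nil && localIp.Contains(net.IPv4(0, 0, 0, 0))) {
+if localIp == nil {
 if !f.hasSubnets || f.defaultLocalCIDRAny {
 flc.Any = true
 return nil
 }
 
 localIp = f.assignedCIDR
+} else if localIp.Contains(net.IPv4(0, 0, 0, 0)) {
+flc.Any = true
 }
 
 flc.LocalCIDR.AddCIDR(localIp, struct{}{})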
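Review bot: The new `else if localIp.Contains(net.IPv4(0, 0, 0, 0))` branch treats any CIDR that merely contains 0.0.0.0 as the wildcard, so a rule written with `local_cidr: 0.0.0.0/1` or `0.0.0.0/8` would set `flc.Any = true` and, presumably, match every local address instead of the sub-range the operator configured — a fail-open widening of a firewall rule. The same containment test was already present in the removed condition, so this is pre-existing rather than introduced here, but the rewrite is the natural place to tighten it to exactly the /0 prefix: `} else if ones, _ := localIp.Mask.Size(); ones == 0 {`. After setting `Any` the code also still falls through to `flc.LocalCIDR.AddCIDR(localIp, struct{}{})`; whether that extra entry is harmless depends on how `Any` is consulted during matching, which is outside the hunk, so a `return nil` mirroring the nil branch may be appropriate. The `match` function named in the hunk header and the tail of `addRule` lie outside the hunk.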

