Inicio Explorar Ayuda
Iniciar sesión
golang
/
netmaker
espejo de https://github.com/gravitl/netmaker
2
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

add egress domain ranges to node acls

abhishek9686 hace 18 horas
padre
624ec22391
commit
db33f676ac
Se han modificado 1 ficheros con 28 adiciones y 4 borrados
Dividir vista Mostrar estadísticas de diff
  1. 28 4
      logic/acls.go

+ 28 - 4
logic/acls.go
Ver fichero 

@@ -543,7 +543,18 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 
 						continue
 
 					}
 
 					if _, ok := eI.Nodes[targetnode.ID.String()]; ok {
 
-						if eI.Range != "" {
 
+						if servercfg.IsPro && eI.Domain != "" && len(eI.DomainAns) > 0 {
 
+							for _, domainAnsI := range eI.DomainAns {
 
+								ip, cidr, err := net.ParseCIDR(domainAnsI)
 
+								if err == nil {
 
+									if ip.To4() != nil {
 
+										egressRanges4 = append(egressRanges4, *cidr)
 
+									} else {
 
+										egressRanges6 = append(egressRanges6, *cidr)
 
+									}
 
+								}
 
+							}
 
+						} else if eI.Range != "" {
 
 							_, cidr, err := net.ParseCIDR(eI.Range)
 
 							if err == nil {
 
 								if cidr.IP.To4() != nil {
 
@@ -553,6 +564,7 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 
 								}
 
 							}
 
 						}
 
+						dstTags[targetnode.ID.String()] = struct{}{}
 
 					}
 
 				}
 
 				break
 
@@ -562,7 +574,18 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 
 				err := e.Get(db.WithContext(context.TODO()))
 
 				if err == nil && e.Status && len(e.Nodes) > 0 {
 
 					if _, ok := e.Nodes[targetnode.ID.String()]; ok {
 
-						if e.Range != "" {
 
+						if servercfg.IsPro && e.Domain != "" && len(e.DomainAns) > 0 {
 
+							for _, domainAnsI := range e.DomainAns {
 
+								ip, cidr, err := net.ParseCIDR(domainAnsI)
 
+								if err == nil {
 
+									if ip.To4() != nil {
 
+										egressRanges4 = append(egressRanges4, *cidr)
 
+									} else {
 
+										egressRanges6 = append(egressRanges6, *cidr)
 
+									}
 
+								}
 
+							}
 
+						} else if e.Range != "" {
 
 							_, cidr, err := net.ParseCIDR(e.Range)
 
 							if err == nil {
 
 								if cidr.IP.To4() != nil {
 
@@ -572,6 +595,7 @@ func GetAclRulesForNode(targetnodeI *models.Node) (rules map[string]models.AclRu
 
 								}
 
 							}
 
 						}
 
+						dstTags[targetnode.ID.String()] = struct{}{}
 
 					}
 
 
 				}
 
@@ -818,10 +842,10 @@ func GetEgressRulesForNode(targetnode models.Node) (rules map[string]models.AclR
 
 						if node.ID == targetnode.ID {
 
 							continue
 
 						}
 
-						if node.Address.IP != nil {
 
+						if !node.IsStatic && node.Address.IP != nil {
 
 							aclRule.IPList = append(aclRule.IPList, node.AddressIPNet4())
 
 						}
 
-						if node.Address6.IP != nil {
 
+						if !node.IsStatic && node.Address6.IP != nil {
 
 							aclRule.IP6List = append(aclRule.IP6List, node.AddressIPNet6())
 
 						}
 
 						if node.IsStatic && node.StaticNode.Address != "" {