Merge branch 'main' into feature/remote-debug-clean

# Conflicts: # client/cmd/testutil_test.go # client/internal/engine_test.go # client/server/server.go # client/server/server_test.go # client/status/status.go # go.mod # go.sum # management/internals/server/boot.go # management/internals/server/modules.go # management/internals/shared/grpc/server.go # management/server/account.go # management/server/account/manager.go # management/server/account_test.go # management/server/dns_test.go # management/server/http/testing/testing_tools/channel/channel.go # management/server/management_proto_test.go # management/server/management_test.go # management/server/nameserver_test.go # management/server/peer_test.go # management/server/route_test.go # shared/management/client/client_test.go # shared/management/proto/management.pb.go
2026-04-21 01:36:46 +00:00 · 2025-11-18 18:30:48 +01:00
parent fe88a5662e 60f4d5f9b0
commit 224bd8ff22
240 changed files with 22880 additions and 5597 deletions
--- a/management/server/types/networkmapbuilder.go
+++ b/management/server/types/networkmapbuilder.go
@@ -22,10 +22,11 @@ import (
 )

 const (
-	allPeers = "0.0.0.0"
-	fw       = "fw:"
-	rfw      = "route-fw:"
-	nr       = "network-resource-"
+	allPeers      = "0.0.0.0"
+	allWildcard   = "0.0.0.0/0"
+	v6AllWildcard = "::/0"
+	fw            = "fw:"
+	rfw           = "route-fw:"
 )

 type NetworkMapCache struct {
@@ -257,8 +258,6 @@ func (b *NetworkMapBuilder) buildPeerACLView(account *Account, peerID string) {
 func (b *NetworkMapBuilder) getPeerConnectionResources(account *Account, peer *nbpeer.Peer,
 	validatedPeersMap map[string]struct{},
 ) ([]*nbpeer.Peer, []*FirewallRule) {
-	ctx := context.Background()
-
 	peerID := peer.ID

 	peerGroups := b.cache.peerToGroups[peerID]
@@ -275,9 +274,6 @@ func (b *NetworkMapBuilder) getPeerConnectionResources(account *Account, peer *n
 	for _, group := range peerGroups {
 		policies := b.cache.groupToPolicies[group]
 		for _, policy := range policies {
-			if isValid := account.validatePostureChecksOnPeer(ctx, policy.SourcePostureChecks, peerID); !isValid {
-				continue
-			}
 			rules := b.cache.policyToRules[policy.ID]
 			for _, rule := range rules {
 				var sourcePeers, destinationPeers []*nbpeer.Peer
@@ -1645,6 +1641,10 @@ func (b *NetworkMapBuilder) updateRouteFirewallRules(routesView *PeerRoutesView,
 			}

 			if string(rule.RouteID) == update.RuleID {
+				if hasWildcard := slices.Contains(rule.SourceRanges, allWildcard) || slices.Contains(rule.SourceRanges, v6AllWildcard); hasWildcard {
+					break
+				}
+
 				sourceIP := update.AddSourceIP

 				if strings.Contains(sourceIP, ":") {
--- a/management/server/types/route_firewall_rule.go
+++ b/management/server/types/route_firewall_rule.go
@@ -1,8 +1,8 @@
 package types

 import (
-	"github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/route"
+	"github.com/netbirdio/netbird/shared/management/domain"
 )

 // RouteFirewallRule a firewall rule applicable for a routed network.