Add logic layer for the ACL firewall rules management.

2026-04-22 10:16:38 +00:00 · 2023-03-17 19:02:54 +04:00
parent 9ab2fd1340
commit 64bf7699e6
7 changed files with 166 additions and 12 deletions
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -272,7 +272,7 @@ func (a *Account) GetGroup(groupID string) *Group {

 // GetPeerNetworkMap returns a group by ID if exists, nil otherwise
 func (a *Account) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
-	aclPeers, _ := a.getPeersByPolicy(peerID)
+	aclPeers, firewallRules := a.getPeersByPolicy(peerID)
 	// exclude expired peers
 	var peersToConnect []*Peer
 	var expiredPeers []*Peer
@@ -303,11 +303,12 @@ func (a *Account) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
 	}

 	return &NetworkMap{
-		Peers:        peersToConnect,
-		Network:      a.Network.Copy(),
-		Routes:       routesUpdate,
-		DNSConfig:    dnsUpdate,
-		OfflinePeers: expiredPeers,
+		Peers:         peersToConnect,
+		Network:       a.Network.Copy(),
+		Routes:        routesUpdate,
+		DNSConfig:     dnsUpdate,
+		OfflinePeers:  expiredPeers,
+		FirewallRules: firewallRules,
 	}
 }

--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -420,6 +420,8 @@ func toSyncResponse(config *Config, peer *Peer, turnCredentials *TURNCredentials

 	offlinePeers := toRemotePeerConfig(networkMap.OfflinePeers, dnsName)

+	firewallRules := toProtocolFirewallRules(networkMap.FirewallRules)
+
 	return &proto.SyncResponse{
 		WiretrusteeConfig:  wtConfig,
 		PeerConfig:         pConfig,
@@ -433,6 +435,7 @@ func toSyncResponse(config *Config, peer *Peer, turnCredentials *TURNCredentials
 			RemotePeersIsEmpty: len(remotePeers) == 0,
 			Routes:             routesUpdate,
 			DNSConfig:          dnsUpdate,
+			FirewallRules:      firewallRules,
 		},
 	}
 }
--- a/management/server/network.go
+++ b/management/server/network.go
@@ -23,11 +23,12 @@ const (
 )

 type NetworkMap struct {
-	Peers        []*Peer
-	Network      *Network
-	Routes       []*route.Route
-	DNSConfig    nbdns.Config
-	OfflinePeers []*Peer
+	Peers         []*Peer
+	Network       *Network
+	Routes        []*route.Route
+	DNSConfig     nbdns.Config
+	OfflinePeers  []*Peer
+	FirewallRules []*FirewallRule
 }

 type Network struct {
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -8,6 +8,7 @@ import (
 	"html/template"
 	"strings"

+	"github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/status"

@@ -449,3 +450,17 @@ func (am *DefaultAccountManager) savePolicy(account *Account, policy *Policy) (e
 	}
 	return
 }
+
+func toProtocolFirewallRules(update []*FirewallRule) []*proto.FirewallRule {
+	result := make([]*proto.FirewallRule, len(update))
+	for i := range update {
+		result[i] = &proto.FirewallRule{
+			PeerID:    update[i].PeerID,
+			PeerIP:    update[i].PeerIP,
+			Direction: update[i].Direction,
+			Port:      update[i].Port,
+			Action:    update[i].Action,
+		}
+	}
+	return result
+}