sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-19 00:36:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,034 Commits 365 Branches 321 Tags
4d2c774378843a5e95c76201a4e501f5e39294c2
Commit Graph

28 Commits

Author SHA1 Message Date
Viktor Liu
0c2a3dd937 Merge branch 'main' into feature/flow 2025-03-10 18:30:45 +01:00
Viktor Liu
80ceb80197 [client] Ignore candidates that are part of the the wireguard subnet (#3472) 2025-03-10 13:59:21 +01:00
Maycon Santos
fd62665b1f Merge branch 'main' into feature/flow 
# Conflicts:
#	client/cmd/testutil_test.go
#	client/firewall/iptables/router_linux.go
#	client/firewall/nftables/router_linux.go
#	client/firewall/uspfilter/allow_netbird.go
#	client/firewall/uspfilter/allow_netbird_windows.go
#	client/firewall/uspfilter/uspfilter_test.go
#	client/internal/engine.go
#	client/internal/engine_test.go
#	client/server/server_test.go
#	go.mod
#	go.sum
#	management/client/client_test.go
#	management/cmd/management.go
#	management/proto/management.pb.go
#	management/proto/management.proto
#	management/server/account.go
#	management/server/account_test.go
#	management/server/dns_test.go
#	management/server/http/handler.go
#	management/server/http/testing/testing_tools/tools.go
#	management/server/integrations/port_forwarding/controller.go
#	management/server/management_proto_test.go
#	management/server/management_test.go
#	management/server/nameserver_test.go
#	management/server/peer.go
#	management/server/peer_test.go
#	management/server/route_test.go
 2025-03-09 17:42:16 +01:00
Viktor Liu
fc1da94520 [client, management] Add port forwarding (#3275) 
Add initial support to ingress ports on the client code.

- new types where added
- new protocol messages and controller
 2025-03-09 16:06:43 +01:00
Viktor Liu
8c81a823fa Add flow ACL IDs (#3421) 2025-03-04 16:43:07 +01:00
Viktor Liu
bcc5824980 [client] Close userspace firewall properly (#3426) 2025-03-04 11:19:42 +01:00
Viktor Liu
8755211a60 Merge branch 'main' into feature/port-forwarding 2025-02-20 11:39:06 +01:00
Viktor Liu
b41de7fcd1 [client] Enable userspace forwarder conditionally (#3309) 
* Enable userspace forwarder conditionally

* Move disable/enable logic
 2025-02-12 11:10:49 +01:00
Viktor Liu
05415f72ec [client] Add experimental support for userspace routing (#3134) 2025-02-07 14:11:53 +01:00
Zoltan Papp
26693e4ea8 Feature/port forwarding client ingress (#3242) 
Client-side forward handling

Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>

---------

Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
 2025-01-29 16:04:33 +01:00
Viktor Liu
5a82477d48 [client] Remove outbound chains (#3157) 2025-01-15 16:57:41 +01:00
Viktor Liu
1bbabf70b0 [client] Fix allow netbird rule verdict (#2925) 
* Fix allow netbird rule verdict

* Fix chain name
 2024-11-21 16:53:37 +01:00
Viktor Liu
39329e12a1 [client] Improve state write timeout and abort work early on timeout (#2882) 
* Improve state write timeout and abort work early on timeout

* Don't block on initial persist state
 2024-11-13 13:46:00 +01:00
Viktor Liu
940f8b4547 [client] Remove legacy forwarding rules in userspace mode (#2782) 2024-10-28 12:29:29 +01:00
Viktor Liu
8016710d24 [client] Cleanup firewall state on startup (#2768) 2024-10-24 14:46:24 +02:00
Viktor Liu
3a88ac78ff [client] Add table filter rules using iptables (#2727) 
This specifically concerns the established/related rule since this one is not compatible with iptables-nft even if it is generated the same way by iptables-translate.
 2024-10-12 10:44:48 +02:00
Bethuel Mmbaga
ff7863785f [management, client] Add access control support to network routes (#2100) 2024-10-02 13:41:00 +02:00
Viktor Liu
6aae797baf Add loopback ignore rule to nat chains (#2190) 
This makes sure loopback traffic is not affected by NAT
 2024-06-25 09:43:36 +02:00
Zoltan Papp
3591795a58 Fix allow netbird traffic for nftables and userspace (#1446) 
Add default allow rules for input and output chains as part of the allownetbird call for userspace mode
 2024-01-11 12:21:58 +01:00
Zoltan Papp
006ba32086 Fix/acl for forward (#1305) 
Fix ACL on routed traffic and code refactor
 2023-12-08 10:48:21 +01:00
Yury Gargay
d1a323fa9d Add gocritic linter (#1324) 
* Add gocritic linter

`gocritic` provides diagnostics that check for bugs, performance, and style issues

We disable the following checks:

- commentFormatting
- captLocal
- deprecatedComment

This PR contains many `//nolint:gocritic` to disable `appendAssign`.
 2023-11-27 16:40:02 +01:00
Fabio Fantoni
c99ae6f009 fix some typo spotted with codespell (#1278) 
Fixed spelling typos on logs, comments and command help text
 2023-11-01 17:11:16 +01:00
Givi Khojanashvili
246abda46d Add default firewall rule to allow netbird traffic (#1056) 
Add a default firewall rule to allow netbird traffic to be handled 
by the access control managers.

Userspace manager behavior:
- When running on Windows, a default rule is add on Windows firewall
- For Linux, we are using one of the Kernel managers to add a single rule
- This PR doesn't handle macOS

Kernel manager behavior:
- For NFtables, if there is a filter table, an INPUT rule is added
- Iptables follows the previous flow if running on kernel mode. If running 
on userspace mode, it adds a single rule for INPUT and OUTPUT chains

A new checkerFW package has been introduced to consolidate checks across
route and access control managers.
It supports a new environment variable to skip nftables and allow iptables tests
 2023-09-05 21:07:32 +02:00
Givi Khojanashvili
6ad3847615 Fix nfset not binds to the rule (#1024) 2023-07-21 17:45:58 +02:00
Givi Khojanashvili
e69ec6ab6a Optimize ACL performance (#994) 
* Optimize rules with All groups

* Use IP sets in ACLs (nftables implementation)

* Fix squash rule when we receive optimized rules list from management
 2023-07-18 13:12:50 +04:00
Givi Khojanashvili
ef59001459 Fix routes allow acl rule (#940) 
Modify rules in iptables and nftables to accept all traffic not from netbird network but routed through it.
 2023-06-07 15:24:27 +02:00
Givi Khojanashvili
293499c3c0 Extend protocol and firewall manager to handle old management (#915) 
* Extend protocol and firewall manager to handle old management

* Send correct empty firewall rules list when delete peer

* Add extra tests for firewall manager and uspfilter

* Work with inconsistent state

* Review note

* Update comment
 2023-05-31 19:04:38 +02:00
Givi Khojanashvili
ba7a39a4fc Feat linux firewall support (#805) 
Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
 2023-05-29 16:00:18 +02:00