firewall-controller

default to any for empty fields is not working anymore

Open mwennrich opened this issue 2 years ago • 0 comments

According to the spec, rules which leave the to: or ports: fields empty should default to any for these fields:

FIELDS:
   ports        <[]Object>
     List of destination ports for outgoing traffic. Each item in this list is
     combined using a logical OR. If this field is empty or missing, this rule
     matches all ports (traffic not restricted by port) 

   to   <[]Object>
     List of destinations for outgoing traffic of a cluster for this rule. Items
     in this list are combined using a logical OR operation. If this field is
     empty or missing, this rule matches all destinations (traffic not
     restricted by destination).

This does not work anymore.

Example:

apiVersion: metal-stack.io/v1
kind: ClusterwideNetworkPolicy
metadata:
  name: allow-to-81
  namespace: firewall
spec:
  egress:
  - ports:
    - port: 81
      protocol: TCP

does not allow traffic on port 81. With an additional

    to:
    - cidr: 0.0.0.0/0

it does still work.

mwennrich, Apr 13 '23 09:04
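
The defaulting behaviour the quoted spec describes, written out as an added example (not code from the issue or from firewall-controller). The Port and EgressRule types, the Render function and the nftables-style output lines are hypothetical and cover IPv4 CIDRs only; an empty to: or ports: field adds no match clause, so the policy from the report and its 0.0.0.0/0 workaround both yield an accept rule for TCP port 81.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical, simplified types; not the firewall-controller's own structs.
type Port struct {
	Port     int
	Protocol string
}

type EgressRule struct {
	Ports []Port   // empty or missing: all ports
	To    []string // IPv4 CIDRs; empty or missing: all destinations
}

// Render turns one egress rule into nftables-style lines (illustrative syntax),
// applying the documented defaults: an empty field adds no restriction.
func Render(r EgressRule) []string {
	dst := ""
	if len(r.To) > 0 { // items are OR-ed: one set of destinations
		dst = "ip daddr { " + strings.Join(r.To, ", ") + " } "
	}
	if len(r.Ports) == 0 {
		return []string{dst + "accept"}
	}
	var order []string
	ports := map[string][]string{}
	for _, p := range r.Ports { // items are OR-ed: one line per protocol
		proto := strings.ToLower(p.Protocol)
		if _, seen := ports[proto]; !seen {
			order = append(order, proto)
		}
		ports[proto] = append(ports[proto], fmt.Sprint(p.Port))
	}
	var out []string
	for _, proto := range order {
		out = append(out, dst+proto+" dport { "+strings.Join(ports[proto], ", ")+" } accept")
	}
	return out
}

func main() {
	p81 := []Port{{Port: 81, Protocol: "TCP"}}
	fmt.Println(Render(EgressRule{Ports: p81}))                           // policy from the report
	fmt.Println(Render(EgressRule{Ports: p81, To: []string{"0.0.0.0/0"}})) // reported workaround
}
```

A check of this shape, asserting that a rule with ports: but no to: still produces an accept line, is the regression test that would catch the behaviour reported here.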