metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls, creating nftables rules, configuring suricata, collecting network metrics
MIT License

Network Traffic should not count specific connections #10

Closed majst01 closed 4 years ago

majst01 commented 4 years ago

It must be possible to exclude network traffic which is partition-local, for example. This can be achieved by switching network accounting from interface-based accounting to nftables-based counters. We must then create counter rules for "ignored" networks and all other networks per vrf id.

The list of ignored networks is stored in the firewall crd. This is done from the gardener-extension-provider-metal which will ask metal-api to get these networks.

@mwennrich @mwindower
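An added example (not code from firewall-controller or its authors) of the shape the proposal above describes: a Go routine that takes the ignored-network list and the vrf ids and renders an nftables ruleset in which traffic to or from an ignored network hits its own counter and leaves the chain early, so the per-vrf counters only ever see accountable traffic. The table name `accounting`, the `vrf<id>` interface naming, the use of the forward hook and the sample prefixes are all assumptions made for this example and are not taken from the issue.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

// AccountingConfig is a constructed stand-in for the data the issue says the
// firewall CRD would carry: the vrf ids to account for and the partition-local
// networks whose traffic must not be counted.
type AccountingConfig struct {
	VRFIDs          []int
	IgnoredNetworks []netip.Prefix
}

// NewAccountingConfig parses CIDR strings into prefixes; a malformed entry is
// an error rather than a silently dropped exclusion.
func NewAccountingConfig(vrfIDs []int, ignoredCIDRs []string) (AccountingConfig, error) {
	cfg := AccountingConfig{VRFIDs: vrfIDs}
	for _, c := range ignoredCIDRs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return AccountingConfig{}, fmt.Errorf("ignored network %q: %w", c, err)
		}
		cfg.IgnoredNetworks = append(cfg.IgnoredNetworks, p.Masked())
	}
	return cfg, nil
}

// IsIgnored reports whether an address falls into one of the ignored networks.
func IsIgnored(cfg AccountingConfig, addr string) (bool, error) {
	a, err := netip.ParseAddr(addr)
	if err != nil {
		return false, err
	}
	for _, p := range cfg.IgnoredNetworks {
		if p.Contains(a) {
			return true, nil
		}
	}
	return false, nil
}

// VRFInterface derives the VRF device name from its id. The "vrf<id>" naming
// is an assumption made for this example, not something the issue states.
func VRFInterface(id int) string { return fmt.Sprintf("vrf%d", id) }

// RenderRuleset writes an nftables ruleset: one interval set of ignored
// prefixes, one named counter for excluded traffic, and an in/out counter pair
// per vrf. Ignored traffic is counted and returns before the vrf rules run.
func RenderRuleset(cfg AccountingConfig) string {
	var b strings.Builder
	b.WriteString("table inet accounting {\n")

	elems := make([]string, 0, len(cfg.IgnoredNetworks))
	for _, p := range cfg.IgnoredNetworks {
		elems = append(elems, p.String())
	}
	sort.Strings(elems) // deterministic output makes diffs and tests stable
	b.WriteString("\tset ignored_networks {\n\t\ttype ipv4_addr\n\t\tflags interval\n")
	if len(elems) > 0 {
		fmt.Fprintf(&b, "\t\telements = { %s }\n", strings.Join(elems, ", "))
	}
	b.WriteString("\t}\n")

	b.WriteString("\tcounter ignored { }\n")
	for _, id := range cfg.VRFIDs {
		fmt.Fprintf(&b, "\tcounter vrf%d_in { }\n\tcounter vrf%d_out { }\n", id, id)
	}

	b.WriteString("\tchain forward {\n\t\ttype filter hook forward priority 0; policy accept;\n")
	// Excluded traffic is still visible (its own counter) but never reaches the vrf rules.
	b.WriteString("\t\tip saddr @ignored_networks counter name \"ignored\" return\n")
	b.WriteString("\t\tip daddr @ignored_networks counter name \"ignored\" return\n")
	for _, id := range cfg.VRFIDs {
		fmt.Fprintf(&b, "\t\tiifname %q counter name \"vrf%d_in\"\n", VRFInterface(id), id)
		fmt.Fprintf(&b, "\t\toifname %q counter name \"vrf%d_out\"\n", VRFInterface(id), id)
	}
	b.WriteString("\t}\n}\n")
	return b.String()
}

func main() {
	// Constructed sample input: two vrfs, two partition-local ranges to exclude.
	cfg, err := NewAccountingConfig([]int{1001, 1002}, []string{"10.0.0.0/8", "100.64.0.0/10"})
	if err != nil {
		panic(err)
	}
	fmt.Print(RenderRuleset(cfg))
}
```

The rendered text can be fed to `nft -f -` and the counters read back with `nft list counters`; the exporter then reports the vrf counters and leaves the `ignored` counter out of the accounted total.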

mwindower commented 4 years ago

Actually the list of internal networks is provided at the accounting exporter and consumed from the gepm.