netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Prevent netbird client from modifying Windows firewall #1692

Open rpellerej opened 5 months ago

rpellerej commented 5 months ago

When I connect a Windows server to my netbird server using a setup key, it will automatically add a rule in the Windows firewall, allowing all incoming traffic from the netbird network.

I'd like to have the possibility to prevent this firewall modification, to have a second security check inside my server, and to not fully delegate the ACLs to the netbird server. On Linux Debian-based servers, the netbird client does not seem to update iptables, for instance.

I did not find a way to prevent the firewall modification directly from Windows. I found someone who added an automatic task which triggers on a specific event to rewrite the firewall, but I did not succeed in setting up such a task.

Thank you in advance for your returns! :)

pappz commented 5 months ago

On the Dashboard policies page, you can create rules for groups. When you create a setup key, you can set auto-assigned groups for the key. If you start to use that key, then the peers will set the restrictions automatically.

rpellerej commented 5 months ago

Even if my setup key does not have auto-assigned groups, Netbird will add this inbound rule in the Windows firewall:

image

The problem for me is the following:

The behaviour I would like to have: A user tries to connect to the server using RDP through Netbird -> Check Netbird ACLs (OK) -> Check Windows firewall (NOT OK, because the Windows firewall is bypassed by the automatic Netbird rule)

I can manually delete the rule to achieve what I want, but this is not a long-term solution.

I would be very grateful if you have any idea or suggestion.
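
One way to check a Windows host for the kind of rule discussed in this thread, as an added example that is not part of the thread and not NetBird code: it lists enabled inbound Allow rules that restrict neither protocol nor local port, and can disable those matching a name pattern. The `$NamePattern` default is a placeholder (the rule's name is not given in the thread), and the script assumes an elevated PowerShell session with the built-in NetSecurity module.

```powershell
# Added example: audit enabled inbound Allow rules that leave protocol and port open.
# $NamePattern is a placeholder; set it to the display name of the rule shown in
# your own firewall console before using -Disable.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$NamePattern = '*<rule-name-placeholder>*',
    [switch]$Disable
)

$broad = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port  = $rule | Get-NetFirewallPortFilter
    $addr  = $rule | Get-NetFirewallAddressFilter
    $iface = $rule | Get-NetFirewallInterfaceFilter
    $app   = $rule | Get-NetFirewallApplicationFilter

    # Protocol "Any" with local port "Any" exposes every listening service
    # (RDP included) to whatever the address and interface filters admit.
    if ($port.Protocol -eq 'Any' -and $port.LocalPort -contains 'Any') {
        [pscustomobject]@{
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            Program       = $app.Program
            RemoteAddress = $addr.RemoteAddress -join ','
            Interface     = $iface.InterfaceAlias -join ','
        }
    }
}

# Report every broad rule so each one can be reviewed, not only the matching ones.
$broad | Sort-Object DisplayName | Format-Table -AutoSize

if ($Disable) {
    $broad | Where-Object { $_.DisplayName -like $NamePattern } | ForEach-Object {
        # ShouldProcess makes -WhatIf and -Confirm work for the change below.
        if ($PSCmdlet.ShouldProcess($_.DisplayName, 'Disable inbound allow rule')) {
            Disable-NetFirewallRule -Name $_.Name
        }
    }
}
```

Run it with `-Disable -WhatIf` first to see which rules would be changed. A disabled or deleted rule may be re-created by the client, as described above, so the report is best repeated after each client restart.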