Open sisumara opened 7 months ago
Hey @sisumara, this is a known limitation. The access control rule you have set up is applied to the routing peer but not the machines behind it. We are working on enhancing the access control to apply port and protocol restrictions on the machines behind the router.
Do you want to limit ports and protocols for the whole network behind the router or individual resources?
> Hey @sisumara, this is a known limitation. The access control rule you have set up is applied to the routing peer but not the machines behind it. We are working on enhancing the access control to apply port and protocol restrictions on the machines behind the router.
So, I can limit traffic flow with access policies only to the peers, right?
> Do you want to limit ports and protocols for the whole network behind the router or individual resources?
I have a couple of cases, and in some of them it needs to limit the whole network, in some of them just certain hosts in the network.
Yes, the same. I tested accepting just TCP port 32400 (Plex), and the host with the NetBird agent has access to connect on SSH. To explain the flow:
host peer agent ----> host routing peer -----> server plex
I want to block the host peer agent, giving it access rights just on port 32400 and not on all ports of the host behind the routing peer.
Describe the problem
Today I've deployed a new setup which has a separate IDP based on Zitadel and NetBird, which I've configured using the advanced configuration guide. I have one server in a cloud which has a Docker installation with a couple of services, and the NetBird agent installed in the same network as the Docker services. I've deleted the default access policy rule and added a custom one, which allows only UDP traffic.
I've added a new route with the peer and the Docker network.
Traffic began to flow from the User peer to the OracleDC peer: not the traffic which is limited by the access policy rule, but any traffic. So, in this case I allowed only UDP traffic, but I can ping hosts in the remote network and access the services on ports 80,443/tcp.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Limited traffic according to created Access Policy.
Are you using NetBird Cloud?
self-host NetBird's control plane.
NetBird version
0.26.3
Thank you