netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Access Control: possibility to create not bidirectional rules (one direction) & port ranges in ACLs #2320

Open florian-obradovic opened 4 months ago

florian-obradovic commented 4 months ago

Dear Team,

as an admin I want to create one-way / not bidirectional ACLs where I am allowed to:

  1. ICMP ping everyone (I want to ping all machines but they shouldn't be allowed to ping all admin machines) < this works with stateful firewalls
  2. access all machines with all ports for all protocols / or two rules for each proto (UDP / TCP)
  3. define port ranges in ACL like 1433-1438 or 1-65535


Best regards, Flo.

Gauss23 commented 2 months ago

+1 from my side. That's really an important feature.

JonTheNiceGuy commented 1 month ago

Partial-duplicate of #1328

ThHirsch commented 3 weeks ago

+1, otherwise following best practices in 'least privilege' setup is a faaar too tedious task.

ThHirsch commented 1 week ago

Hmm, the API documentation states that port RANGES can be specified. See: Api-docu, which states elements of "port_ranges - start - end". So is this just a missing piece in the current UI, and we could create port ranges for TCP and UDP by API already? Are there any plans to have it in the UI soon?