secure farmer lan #33

Merged
merged 4 commits into from
Dec 31, 2024


@Omarabdul3ziz Omarabdul3ziz commented Dec 24, 2024

Description

  • block traffic to other nodes on the same lan by dropping packets to the default gateway
  • except the ports for myc/ygg peer discovery

Limitation

  • this only protects the LAN network; if a node is behind a NATted network, devices in the outer network will still be accessible

Tested

  • run two nodes with qemu connected to the same interface on host
  • deploy a vm on node1
  • pinging node2 from the vm should be dropped

@Omarabdul3ziz Omarabdul3ziz marked this pull request as ready for review December 30, 2024 13:28
@@ -32,3 +35,85 @@ func Apply(r io.Reader, ns string) error {
}
return nil
}

func applyNftRule(rule []string) error {
cmd := exec.Command(rule[0], rule[1:]...)
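Review bot: `applyNftRule` indexes `rule[0]` and `rule[1:]` in the `exec.Command` call without checking the slice length, so an empty `rule` panics with an index-out-of-range error instead of returning an error to the caller. Add a guard at the top of the function, such as `if len(rule) == 0 { return errors.New("empty rule") }`, before building the command. The helper is named for nft but executes whatever `rule[0]` holds; consider fixing the binary name in the function and taking only the arguments from the slice, so a malformed rule cannot run a different program.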
Collaborator


let's make the code a bit defensive, better to check the rule length first

Collaborator

@ashraffouda ashraffouda left a comment


let's make applyRule a bit defensive

@Omarabdul3ziz Omarabdul3ziz merged commit 19e423d into main Dec 31, 2024
22 of 23 checks passed
@Omarabdul3ziz Omarabdul3ziz deleted the main_farmer_security branch December 31, 2024 15:02