Implement IPv4/IPv6 Forwarding Rules Generation #2

Closed
3 tasks done
jonathanio opened this issue Oct 3, 2023 · 1 comment
Labels
priority/normal This is a normal-priority issue or pull request type/enhancement Adding or requesting a new feature

Comments

jonathanio commented Oct 3, 2023

As a Network Engineer
I want to control what traffic enters and leaves VLANs on a network
So that I can limit access to systems as services, as needed.

Description

Currently, the FORWARD chains are only ACCEPT for all traffic, which needs to be properly managed. We need a way to generate the address lists and/or rules in the FORWARD chains so they can be deployed and secure the network.

Notes

This will likely be a set of per-VLAN rules, although we probably want a way to group them, especially for some of my networks, which are grouped and will behave the same.

Acceptance Criteria

  • Update /ip settings and /ipv6 settings to blow IP forwarding on non-routing devices.
  • Create the templates required to generate IPv4 and IPv6 rules.
  • Create the address lists needed to build the forwarding rules to be deployed.
@jonathanio jonathanio added note/spiking This issue is currently being spiked or researched priority/normal This is a normal-priority issue or pull request type/enhancement Adding or requesting a new feature update/configuration Update with changes to tool or service configuratons update/documentation Update with improvements to the documentation update/scripts Update with changes to scripts labels Oct 3, 2023
@jonathanio jonathanio self-assigned this Oct 3, 2023
@jonathanio jonathanio removed note/spiking This issue is currently being spiked or researched update/configuration Update with changes to tool or service configuratons update/documentation Update with improvements to the documentation update/scripts Update with changes to scripts labels Oct 3, 2023

The scripts now support the following:

  • Creation of rules which enable port-forwarding from external IPs to internal hosts, with rules to allow all internal VLANs to access the internal IP/Port, and can support hairpin NAT when required too.
  • Creation of shared services which allow more general traffic inside the network (e.g. internal web services which should always be available).
  • Creation of per-VLAN rules which allow control of what traffic should be allowed from each VLAN.
