Expose reverse-proxy access control rules in netbird expose #6676
constantins2001
started this conversation in
Ideas & Feature Requests
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Problem
The NetBird dashboard already lets reverse-proxy services define Access Control Rules that allow or block traffic by:
The
netbird exposeCLI can create reverse-proxy services from a peer, but today it only exposes authentication-related controls such as password, PIN, and user groups. It does not expose the same IP/CIDR/country filtering controls available in the dashboard.This makes peer-created expose services harder to lock down in automation or terminal-first workflows, especially when a user wants to quickly expose a local service but restrict access to known source IPs or regions.
Current CLI surface
Current
netbird expose --helpincludes:Proposed direction
Add access-control flags to
netbird expose, for example:Suggested flags:
--allow-ip--block-ip--allow-cidr--block-cidr--allow-country--block-countrySingle IP flags can be normalized to CIDRs internally (
/32for IPv4 and/128for IPv6), matching the existing reverse-proxy access restriction model.Scope questions
/32and/128usage?Related links
I opened the issue and PR before seeing the discussion-first contributor flow. Happy to adjust the implementation or pause the PR until maintainers confirm the intended scope.
Beta Was this translation helpful? Give feedback.
All reactions