Expose ability to limit redirect to source IPs #767

Merged
merged 2 commits into from
May 18, 2024


n-connect
Contributor

Connected to issue #761 the first batch of changes in a PR -> extending expose to be able to handle source IP limitations on jail (bhyve[?]) redirects.

Looking for the expansion of CBSD, ClonOS, myBee, XigmaNAS plugins, QT app, I think it fits into the direction, e.g. CBSD can have better FW control and be able to merge into / handle the host's own pf (beside the existing %CBSDWORKDIR%/etc/pf.conf)

These commits add:

  • additional column to system-wide expose sqlite schema,
  • adds the capability to tools/expose to specify source IPs for redirects

To be added -> how to handle the existing host pf.conf:

@olevole,

I've had difficulties making SQLite's default values work even with "NOT NULL". If you know the working way, please let me know -> two pieces of exception handling can be removed.

Also, no migration script added:

  • existing tables to be upgraded,
  • more interesting: existing pfrdr.conf to be managed (or recreated). The harder

These commits add:
- additional column to system-wide expose sqlite schema,
- adds the capability to tools/expose to specify source IPs for redirects
comment out echoes, and redirect cbsd cli output on empty argument check, while figuring out a better way
@olevole
Member

olevole commented May 18, 2024

@n-connect fantastic! Yeah, I remember you asking about that. However, I am not using pf at this time so could not find an opportunity to do the job.

Yes, the migration of the scheme is relevant, I will return to this issue a little later when I test it before the next release. Thank you!

@n-connect
Contributor Author

Thanks!

Since my last post here, I have found the proper way of handling the default values in SQLite when adding rows:

  • when creating a new row, one needs to simply omit / not add the column name in question and the default value will be created. It can be applied for expose to be more elegant.
  • So expect some fine-tunes/fixes for expose in the future
  • Also, tests are very welcome

I'm testing & thinking about how, and where to put the code for merging with the overall host pf.conf as the second layer for this functionality, hence the testing with XigmaNAS with the full vs. embedded.
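
The SQLite default-value behaviour discussed in this thread, shown together with validation of the source address before it reaches a redirect rule. This is an added example, not code from the PR or from CBSD: the table and column names, the `'any'` default, the interface `em0` and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import sqlite3

# Hypothetical schema: table and column names are assumptions, not CBSD's own.
SCHEMA = """
CREATE TABLE expose (
    proto    TEXT    NOT NULL,
    in_port  INTEGER NOT NULL,
    out_ip   TEXT    NOT NULL,
    out_port INTEGER NOT NULL,
    src_ip   TEXT    NOT NULL DEFAULT 'any'
)"""

def add_redirect(db, proto, in_port, out_ip, out_port, src_ip=None):
    """Insert a redirect; leave src_ip out of the INSERT to get the DEFAULT."""
    cols = ["proto", "in_port", "out_ip", "out_port"]
    vals = [proto, in_port, out_ip, out_port]
    if src_ip is not None:
        # Accept only an address or CIDR block, so free-form text can never
        # end up in a firewall rule file. Raises ValueError otherwise.
        src_ip = str(ipaddress.ip_network(src_ip, strict=False))
        cols.append("src_ip")
        vals.append(src_ip)
    marks = ",".join("?" * len(vals))
    db.execute(f"INSERT INTO expose ({','.join(cols)}) VALUES ({marks})", vals)

def render_rdr(db, ext_if, ext_ip):
    """Render pf rdr lines from the stored rows (constructed rule layout)."""
    rows = db.execute(
        "SELECT proto, in_port, out_ip, out_port, src_ip FROM expose ORDER BY in_port"
    )
    return [
        f"rdr pass on {ext_if} inet proto {proto} from {src} to {ext_ip} "
        f"port {in_port} -> {out_ip} port {out_port}"
        for proto, in_port, out_ip, out_port, src in rows
    ]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    add_redirect(db, "tcp", 2222, "10.0.0.2", 22, "192.0.2.0/24")  # limited source
    add_redirect(db, "tcp", 8080, "10.0.0.3", 80)                  # column omitted
    try:  # naming the column with NULL does not fall back to the DEFAULT
        db.execute("INSERT INTO expose VALUES ('tcp', 1, '10.0.0.4', 1, NULL)")
        null_rejected = False
    except sqlite3.IntegrityError:
        null_rejected = True
    return render_rdr(db, "em0", "203.0.113.5"), null_rejected
```
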
