Comments (6)
I guess the idea was to support a more advanced firewall rule that could define also the source port
from nautobot-app-firewall-models.
Yeah, we'll definitely need to maintain a way to specify source port, there are certainly many examples of needing a source port (DHCP or DNS for instance).
I think for the service relationship to move to `PolicyRule` that will also require adding source port to the `Service` model. My concern with the way it is now is that you could get a situation where your source relationship has a different IP protocol than your destination relationship.
from nautobot-app-firewall-models.
I see. Your main concern is about protocol/port consistency.
This inconsistency could be mitigated by using data validation when two services are defined in the same rule, so the protocol is validated then.
from nautobot-app-firewall-models.
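The validation idea from the comment above, as an added sketch that is not part of the thread and not code from nautobot-app-firewall-models: the `Service` and `PolicyRule` dataclasses, their field names, and the `validate_rule` and `port_errors` helpers are hypothetical stand-ins for the app's models, and the sample rules in the test are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

PORT_PROTOCOLS = {"TCP", "UDP"}  # assumption: only these carry ports here


@dataclass(frozen=True)
class Service:  # hypothetical stand-in, not the app's model
    name: str
    ip_protocol: Optional[str] = None  # None: no protocol constraint
    port: Optional[str] = None         # "22", "1024-65535", or None for any


@dataclass
class PolicyRule:  # hypothetical stand-in, not the app's model
    name: str
    source_services: List[Service] = field(default_factory=list)
    destination_services: List[Service] = field(default_factory=list)


def port_errors(svc: Service) -> List[str]:
    """Check one service's port string against its protocol."""
    if svc.port is None:
        return []
    if (svc.ip_protocol or "").upper() not in PORT_PROTOCOLS:
        return [f"{svc.name}: port {svc.port} set without TCP/UDP protocol"]
    low, _, high = svc.port.partition("-")
    try:
        lo, hi = int(low), int(high or low)
    except ValueError:
        return [f"{svc.name}: port {svc.port!r} is not a number or range"]
    if not 1 <= lo <= hi <= 65535:
        return [f"{svc.name}: port range {svc.port} is out of bounds"]
    return []


def validate_rule(rule: PolicyRule) -> List[str]:
    """Return every consistency problem found in one rule."""
    errors = []
    for svc in rule.source_services + rule.destination_services:
        errors.extend(port_errors(svc))
    for src in rule.source_services:
        for dst in rule.destination_services:
            if not (src.ip_protocol and dst.ip_protocol):
                continue  # an unconstrained side cannot conflict
            if src.ip_protocol.upper() != dst.ip_protocol.upper():
                errors.append(f"{rule.name}: source {src.name} is {src.ip_protocol} "
                              f"but destination {dst.name} is {dst.ip_protocol}")
    return errors
```

Returning a list of messages instead of raising on the first problem lets a form or API response show every mismatch in a rule at once.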
I think this is my main question: Is there a use case where a service needs to be defined as a pair of services (source and destination)? If not, we can simplify the firewall models by moving the service relationship to the policy rule and adding an optional source port field.
As it is right now, to create a rule like "permit tcp host 10.1.1.1 host 10.2.2.2 eq 22" you would need to create a service policy object with nothing in it for the source and a second service policy object for tcp/22.
from nautobot-app-firewall-models.
@abates, I was looking for an example of having a source port, and I have not been able to find one. So, it would align with your view.
Just to get more points, please ask in #ask-architecture to see if someone has other experiences or ideas.
from nautobot-app-firewall-models.
Done
from nautobot-app-firewall-models.
Related Issues (20)
- AttributeError in running Generate FW Config via Capirca job
- Add M2M pre_change signal to `Policy.policy_rules` & signal for `PolicyRule.index` to enforce uniqueness on index of rules in a single policy
- More flexibly link zones to addresses/subnet/prefixes
- Server Error on policy when assigned to dynamic group
- Migrate zero fails when data is currently loaded in the app
- Ability to model virtual contexts
- Creating Policy Rule Without Name Makes Object Directly Uneditable in UI
- Replace Capirca dependency with Aerleon
- Tags missing from Object model via API
- Enable Config Contexts
- NatPolicy View fails to load
- Policy Rule list view clone rule
- Error deleting device with nautobot-app-firewall-models policy assigned
- Policy rules with same index value can be assigned to same policy
- Delete policy rule from list view error
- Refine Policy and PolicyRule Objects to Allow Duplicates with Variations
- Support for ICMP Types Missing
- Support for IP Fragments Missing
- Add Support for Time Ranges
- Unable to Specify "Any" for Protocol