default to any for empty fields is not working anymore #151

mwennrich · 2023-04-13T09:46:14Z

According to the spec, rules which leave to: or ports: fields empty, the rule should default to any for these fields:

FIELDS:
   ports        <[]Object>
     List of destination ports for outgoing traffic. Each item in this list is
     combined using a logical OR. If this field is empty or missing, this rule
     matches all ports (traffic not restricted by port) 

   to   <[]Object>
     List of destinations for outgoing traffic of a cluster for this rule. Items
     in this list are combined using a logical OR operation. If this field is
     empty or missing, this rule matches all destinations (traffic not
     restricted by destination).

This does not work anymore.

Example:

apiVersion: metal-stack.io/v1
kind: ClusterwideNetworkPolicy
metadata:
  name: allow-to-81
  namespace: firewall
spec:
  egress:
  - ports:
    - port: 81
      protocol: TCP

does not allow traffic on port 81. With an additional

    to:
    - cidr: 0.0.0.0/0

it does still work.

The text was updated successfully, but these errors were encountered:

mwennrich mentioned this issue Aug 28, 2023

package drops despite egress rule #163

Closed

Gerrit91 linked a pull request Sep 6, 2023 that will close this issue

Implement webhook server. #166

Draft

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

default to any for empty fields is not working anymore #151

default to any for empty fields is not working anymore #151

mwennrich commented Apr 13, 2023

default to any for empty fields is not working anymore #151

default to any for empty fields is not working anymore #151

Comments

mwennrich commented Apr 13, 2023