fix(network.threat.manager): Fix flooding protection backport #4830
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marcellorinaldo
approved these changes
Sep 4, 2023
|
The Sonar checks fail for some code duplication. This can acceptable since it's a portion duplicated in the old and new firewall implementation. |
Signed-off-by: pierantoniomerlino <[email protected]>
Signed-off-by: pierantoniomerlino <[email protected]>
pierantoniomerlino
force-pushed
the
fix_flooding_protection_backport
branch
from
eb26ec9 to
43d6c70
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a default set of rules for the firewall filter table if the flooding protection is enabled.
Description of the solution adopted: The
network.threat.manageradds a set of firewall rules for flooding protection. These rules are mainly applied to the mangle table, but there are situations where more rules are needed to the filter tables. The currentFirewalConfigurationServiceImpl.addFloodingProtectionRulesmethod doesn't allow this, so this PR adds a basic set of default rules to the filter tables when the flooding protection is enabled.The code is replicated both in the old
org.eclipse.kura.net.adminand the neworg.eclipse.kura.net.admin.firewall.