[Bug]: Default node-level ACL Rule not working #3020

Open
1 task done
lukazi opened this issue Jul 27, 2024 · 1 comment

lukazi commented Jul 27, 2024

Contact Details

[email protected]

What happened?

Hi, it seems that the default node-level ACL is not working as expected. I followed Scenario 1: Remote Access to/from Client devices from https://docs.netmaker.io/acls.html.

  1. I created a network with default access DENY policy.
  2. I created node A with default access ALLOW policy.
  3. I connected node B using an enrollment key.
  4. There is no ALLOW rule in the ACLs between A and B.

I am running the latest 24.3 version in the Docker environment. All the nodes are Linux-based (arm and amd64 mix).

Lukas

Version

v0.24.3

What OS are you using?

Linux

Relevant log output

No response

Contributing guidelines

  • Yes, I did.
@lukazi lukazi added the bug Something isn't working label Jul 27, 2024
@lukazi lukazi changed the title [Bug]: Default ACL Rule not working [Bug]: Default node-level ACL Rule not working Jul 27, 2024
@Cirr0e

Cirr0e commented Nov 28, 2024

Hi Lukas,

I understand you're having issues with node-level ACL rules not working as expected. Let me help you troubleshoot this.

First, let's verify a few things to ensure proper ACL configuration:

  1. Could you confirm whether Node A and Node B can see each other in the network at all? Even though there's no explicit ALLOW rule, Node A's default ALLOW policy should permit incoming connections.

  2. Check your node configurations:

    • Verify that Node A's default access policy is properly set to ALLOW
    • Confirm that the network-level default DENY policy is active
    • Ensure both nodes are properly enrolled in the network
  3. You might need to explicitly add an ACL rule between the nodes. Try:

    • Add an ALLOW rule from Node B to Node A
    • Check if the ACL rules are visible in the UI/CLI

Based on similar issues we've seen (#1605696136), sometimes ACL rules need to be explicitly defined even with default policies in place.

References:

Important considerations:

  • Docker networking can sometimes interfere with ACL rules
  • Make sure both nodes are running the same Netmaker version
  • Check if there are any firewall rules that might be blocking traffic

Could you please provide:

  1. The output of netclient list from both nodes
  2. Any error messages you're seeing in the logs
  3. Whether you can see the ACL rules in the UI

This will help us better understand the exact issue and provide a more specific solution.

Let me know if you need any clarification!
