experiment with not filtering out non-common addresses in hostinfo.networks

JackDoan
2025-10-06 15:02:37 -05:00
parent fa8c013b97
commit 889d49ff82
5 changed files with 91 additions and 32 deletions


@@ -429,6 +429,7 @@ func (f *Firewall) Drop(fp firewall.Packet, incoming bool, h *HostInfo, caPool *
return nil
}
// TODO if we don't have a network in common with this packet's source IP, (and it's not for an unsafe_network), do we reject it?
// Make sure remote address matches nebula certificate
if h.networks != nil {
if !h.networks.Contains(fp.RemoteAddr) {