Restrict nodes access to specific IPs

Open sleepy-soul opened this issue 1 year ago • 2 comments

Hi,

I have set up Netmaker and have attached the graph of my nodes. As you can see, one node, docker-alpha, is acting as an egress gateway to 10.0.0.0/16. All the other nodes in this network can access this subnet range since the routes will be published. But I want to restrict the bottom node, named Prod, to access only 10.0.0.5 from this range and block access to all other IPs in this /16 range.

I have read the documentation on restricting an entire node to not access a specific node with ACLs. But I haven't found anything about this. Is it possible currently via netmaker that I can restrict access only to specific IPs in an egress gateway?

Thanks in advance.

sleepy-soul avatar Mar 18 '23 16:03 sleepy-soul

You could try the allowed ip setting or a postup iptables command.

cdpb avatar Mar 26 '23 14:03 cdpb
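
A sketch of the PostUp/PostDown iptables approach suggested above, added here as an example and not taken from the thread or from Netmaker itself. It is meant for the egress gateway (docker-alpha) and assumes `PROD_IP` is the Prod node's address inside the Netmaker network (the value below is a constructed placeholder) and that `PROD-EGRESS` is a free chain name (hypothetical).

```shell
#!/bin/sh
# Added example: limit one node to a single host behind an egress gateway.
# Run on the gateway as root. PROD_IP is a constructed placeholder; replace it
# with the Prod node's real address in the Netmaker network.
PROD_IP="${PROD_IP:-10.20.30.4}"
ALLOWED_HOST="${ALLOWED_HOST:-10.0.0.5}"
EGRESS_RANGE="${EGRESS_RANGE:-10.0.0.0/16}"
CHAIN="PROD-EGRESS"   # hypothetical chain name

# Print the iptables commands for bringing the restriction up or down.
egress_rules() {
    case "$1" in
    up)
        echo "iptables -N $CHAIN"
        # Allowed host: hand the packet back to FORWARD so the gateway's
        # existing policy still applies to it.
        echo "iptables -A $CHAIN -d $ALLOWED_HOST/32 -j RETURN"
        # Everything else in the egress range is dropped for this source.
        echo "iptables -A $CHAIN -d $EGRESS_RANGE -j DROP"
        # Position 1 puts the jump ahead of any ESTABLISHED/RELATED accept,
        # so flows opened before the rule was added are cut as well.
        echo "iptables -I FORWARD 1 -s $PROD_IP/32 -j $CHAIN"
        ;;
    down)
        echo "iptables -D FORWARD -s $PROD_IP/32 -j $CHAIN"
        echo "iptables -F $CHAIN"
        echo "iptables -X $CHAIN"
        ;;
    *)
        echo "usage: egress_rules up|down" >&2
        return 2
        ;;
    esac
}

# Execute the generated commands in order; stop at the first failure.
apply_rules() {
    rules=$(egress_rules "$1") || return 2
    printf '%s\n' "$rules" | while read -r cmd; do
        $cmd || exit 1
    done
}
```

Source the file and call `apply_rules up` from the gateway's PostUp command and `apply_rules down` from PostDown. The rules match only packets whose source is the Prod node, so replies from 10.0.0.5 and traffic from other nodes are unaffected.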

This is not currently possible. We have discussed moving ACLs to be based on allowedips, but it would require a big refactor, so it is not currently in scope.

afeiszli avatar Mar 28 '23 08:03 afeiszli