netbird icon indicating copy to clipboard operation
netbird copied to clipboard

Published 20 hours ago verified publisher icon netbirdio

Policies not applies by ports

Open SuperKali opened this issue 4 months ago • 0 comments

Describe the problem

I tried to create a policy with a port that is actually not listening, but in any case the others are not discarded and always go through the policy, example, port 3000 is a nextcloud instance that goes over the tunnel and then ends up a vm in the cloud where I have Nginx Proxy Manager installed.

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'Policies'
  2. I edited the current policy where is set to all
  3. I put a differente TCP port, for example 1
  4. The port 3000 is still reacheable from the second peer

Expected behavior

It should theoretically allow only port 1 (tcp) output and not the entire traffic

Are you using NetBird Cloud?

No I am using the latest version of Netbird in selfhost.

NetBird version

root@spclapit01:/home/ubuntu# netbird version 0.47.2 root@spclapit01:/home/ubuntu#

Debug output

To help us resolve the problem, please attach the following anonymized status output

root@spclapit01:/home/ubuntu# netbird status -dA Peers detail: vm2-deb-1.anon-hk2vO.domain: NetBird IP: 100.71.68.93 Public key: akhsxQtVag/Tg88Y60NAJ/YPCwzOFEUzRPL4sLFXsiM= Status: Connected -- detail -- Connection type: P2P ICE candidate (Local/Remote): host/srflx ICE candidate endpoints (Local/Remote): 10.0.0.104:51820/198.51.100.0:57851 Relay server address: rels://netbird.anon-KYAa2.domain:443 Last connection update: 2 minutes, 28 seconds ago Last WireGuard handshake: 28 seconds ago Transfer status (received/sent) 160.5 KiB/18.0 KiB Quantum resistance: false Networks: 10.128.0.101/32 Latency: 31.345318ms

vm5.anon-hk2vO.domain: NetBird IP: 100.71.187.50 Public key: UXaF+aW1XXgnJA6CT+ZMxNyI17Kw+aZ7uVZEhFtpGhQ= Status: Connected -- detail -- Connection type: P2P ICE candidate (Local/Remote): host/host ICE candidate endpoints (Local/Remote): fdba:17c8:6c94::1011:51820/2a0d:52c0:500f:0:c9f:40ff:fe3d:ba50:51820 Relay server address: rels://netbird.anon-KYAa2.domain:443 Last connection update: 2 minutes, 29 seconds ago Last WireGuard handshake: 15 seconds ago Transfer status (received/sent) 5.4 MiB/58.0 KiB Quantum resistance: false Networks: 192.168.179.11/32, 192.168.179.23/32, 192.168.179.33/32 Latency: 31.771321ms

Events: [WARNING] DNS (293ec59d-52fa-417b-9f2f-5d5fb2d71f16) Message: All upstream servers failed (probe failed) Time: 2 days, 2 hours ago Metadata: upstreams: 192.168.179.23:53 [INFO] SYSTEM (1d90c7f3-a106-4e3d-bad2-7d54d7b04140) Message: Network map updated Time: 2 days, 2 hours ago [INFO] SYSTEM (007faa60-e8c4-4bb2-95f7-8c023ba46f44) Message: Network map updated Time: 11 minutes, 18 seconds ago [INFO] SYSTEM (be250140-f4ef-4018-86e8-b1ac9ac644be) Message: Network map updated Time: 9 minutes, 47 seconds ago [WARNING] DNS (5c366ddd-8e4c-4865-a836-df9fae35aab3) Message: All upstream servers failed (probe failed) Time: 2 minutes, 35 seconds ago Metadata: upstreams: 192.168.179.23:53 [INFO] SYSTEM (10bc915b-8f5a-4285-a6e1-4951ae5a05e9) Message: Network map updated Time: 2 minutes, 35 seconds ago OS: linux/arm64 Daemon version: 0.47.2 CLI version: 0.47.2 Management: Connected to https://netbird.anon-KYAa2.domain:443 Signal: Connected to https://netbird.anon-KYAa2.domain:443 Relays: [stun:netbird.anon-KYAa2.domain:3478] is Available [turn:netbird.anon-KYAa2.domain:3478?transport=udp] is Available [rels://netbird.anon-KYAa2.domain:443] is Available Nameservers: [192.168.179.23:53] for [anon-W1rx0.domain] is Available FQDN: spclapit01.anon-hk2vO.domain NetBird IP: 100.71.110.5/16 Interface type: Kernel Quantum resistance: false Lazy connection: false Networks: - Forwarding rules: 0 Peers count: 2/2 Connected root@spclapit01:/home/ubuntu#

Create and upload a debug bundle, and share the returned file key:

root@spclapit01:/home/ubuntu# netbird debug for 1m -AS -U Log level set to trace. Netbird down Netbird up Remaining time: 00:00:01 Duration completed Creating debug bundle... Log level restored to INFO Local file: /tmp/netbird.debug.2812727543.zip Upload file key: b7a6162705513534b0962a2095021bd8bac408975ef59f2ba7e62fc8feaefd85/5c533296-4a6a-447b-a200-c20829868f37

Screenshots

Image

Have you tried these troubleshooting steps?

  • [x] Reviewed client troubleshooting (if applicable)
  • [x] Checked for newer NetBird versions
  • [x] Restarted the NetBird client

SuperKali avatar Jun 20 '25 08:06 SuperKali