metal-stack/firewall-controller issues and pull requests

#169 - Fix module version

Pull Request - State: open - Opened by majst01 about 1 year ago

#168 - Reconcile firewall at least every three minutes.

Pull Request - State: closed - Opened by Gerrit91 about 1 year ago

#167 - After firewall-update, nftables/node_exporter endpoints point to wrong ip address

Issue - State: closed - Opened by mwennrich about 1 year ago

#166 - Implement webhook server.

Pull Request - State: open - Opened by Gerrit91 about 1 year ago

#165 - set conntrack max and hashsize on startup

Pull Request - State: closed - Opened by majst01 about 1 year ago

#164 - Update to go-1.21

Pull Request - State: closed - Opened by majst01 about 1 year ago

#163 - package drops despite egress rule

Issue - State: closed - Opened by JoergReinhold about 1 year ago - 5 comments

#162 - Retry update on firewall-monitor resource.

Pull Request - State: closed - Opened by Gerrit91 about 1 year ago

#161 - tcpmss clamping in egress policies

Pull Request - State: open - Opened by chbmuc over 1 year ago

#160 - Support MSS Clamping definition through CWNP

Issue - State: open - Opened by majst01 over 1 year ago

#159 - Remove dependency from GEPM.

Pull Request - State: closed - Opened by Gerrit91 over 1 year ago

#158 - Add a flowtable to speed up forwarding

Pull Request - State: open - Opened by majst01 over 1 year ago
Labels: do not merge

#157 - accelerate forwarding by using nftables flowtables.

Issue - State: closed - Opened by majst01 over 1 year ago - 1 comment

#156 - Implement shoot migration.

Pull Request - State: open - Opened by Gerrit91 over 1 year ago

#155 - Implement SSH key rotation.

Pull Request - State: closed - Opened by Gerrit91 over 1 year ago

#154 - Implement SSH Key Rotation

Issue - State: closed - Opened by Gerrit91 over 1 year ago

#153 - Consider dns ebpf based snooping

Issue - State: open - Opened by majst01 over 1 year ago

#152 - use secrets generated by secretsmanager

Pull Request - State: closed - Opened by mwennrich over 1 year ago

#151 - default to any for empty fields is not working anymore

Issue - State: open - Opened by mwennrich over 1 year ago

#150 - Make CWNP Validation more strict

Issue - State: open - Opened by majst01 over 1 year ago - 1 comment

#149 - Fix updater causing restarts.

Pull Request - State: closed - Opened by Gerrit91 over 1 year ago

#148 - Fix reconciliation triggers.

Pull Request - State: closed - Opened by Gerrit91 over 1 year ago

#147 - auto-restart of firewall-controller every 5 minutes

Issue - State: closed - Opened by mwennrich over 1 year ago

#146 - dns-based cwnp only in effect if changed after creation

Issue - State: closed - Opened by mwennrich over 1 year ago - 1 comment

#145 - Pattern matching behavior changed / is partially broken

Issue - State: closed - Opened by Gerrit91 over 1 year ago - 3 comments

#144 - Replace multierr

Pull Request - State: closed - Opened by majst01 over 1 year ago

#143 - Consider configured ips from install.yaml as always required

Pull Request - State: closed - Opened by majst01 over 1 year ago

#142 - Do not ignore error when reading link by name.

Pull Request - State: closed - Opened by Gerrit91 over 1 year ago

#141 - Update nftables exporter

Pull Request - State: closed - Opened by majst01 over 1 year ago

#140 - Bump golang.org/x/net from 0.2.0 to 0.7.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies

#139 - Rename to firelet

Issue - State: open - Opened by majst01 over 1 year ago

#138 - Follow CNAME and DNAME records

Pull Request - State: closed - Opened by mreiger almost 2 years ago - 3 comments

#137 - Fix subdomain pattern matching

Pull Request - State: closed - Opened by mreiger almost 2 years ago

#136 - DNS based policies: Pattern matching does not match subdomains

Issue - State: closed - Opened by mreiger almost 2 years ago
Labels: bug

#135 - DNS based policies do not work with CNAMEs

Issue - State: closed - Opened by mreiger almost 2 years ago - 1 comment

#134 - Escape dns queries from snat when dns proxy is in effect

Pull Request - State: closed - Opened by mreiger almost 2 years ago

#133 - DNS proxy does not work with fixed internet egress address

Issue - State: closed - Opened by mreiger almost 2 years ago - 4 comments

#132 - bump metal-networker

Pull Request - State: closed - Opened by GrigoriyMikhalkin almost 2 years ago

#131 - Adoption to firewall-controller-manager API `firewall.metal-stack.io/v2`

Pull Request - State: closed - Opened by majst01 almost 2 years ago - 2 comments

#130 - Proposal: store DNS state in ConfigMap

Issue - State: open - Opened by GrigoriyMikhalkin almost 2 years ago

#129 - updated README with DNS based egress policies examples

Pull Request - State: closed - Opened by GrigoriyMikhalkin almost 2 years ago

#128 - remove ingress rules from cwnp spec

Issue - State: open - Opened by mwennrich almost 2 years ago

#127 - Remove CRD installation

Pull Request - State: closed - Opened by GrigoriyMikhalkin almost 2 years ago

#126 - evasion of CWNP possible if both clusters share one network

Issue - State: closed - Opened by TLINDEN almost 2 years ago - 2 comments

#125 - Update stern repo URL

Pull Request - State: closed - Opened by peterfromthehill almost 2 years ago

#124 - Use refactored networker

Pull Request - State: closed - Opened by majst01 about 2 years ago

#123 - Also reconcile destination prefixes

Pull Request - State: open - Opened by mreiger about 2 years ago - 2 comments

#122 - Only allow installing signed versions of the firewall-controller binary

Issue - State: open - Opened by Gerrit91 over 2 years ago
Labels: enhancement

#121 - Raise bgp hold and keepalive timers

Pull Request - State: closed - Opened by majst01 over 2 years ago - 1 comment

#120 - update metal-networker to v0.8.3

Pull Request - State: closed - Opened by mwennrich over 2 years ago

#119 - fix gcloud action

Pull Request - State: closed - Opened by majst01 over 2 years ago

#118 - Log accepted new connections

Pull Request - State: closed - Opened by mreiger almost 3 years ago - 7 comments

#117 - Log new connections

Issue - State: closed - Opened by majst01 almost 3 years ago - 3 comments

#116 - check if port is between 0 and 65535

Pull Request - State: closed - Opened by mwennrich almost 3 years ago

#115 - Update controller-runtime, kube-builder, go, alpine and all dependencies, support port-ranges

Pull Request - State: closed - Opened by majst01 almost 3 years ago

#114 - firewall-controller actual version stored in status

Pull Request - State: closed - Opened by GrigoriyMikhalkin over 3 years ago

#113 - added -v flag to show version

Pull Request - State: closed - Opened by GrigoriyMikhalkin over 3 years ago

#112 - render temp nft-rule-file with leading dot

Pull Request - State: closed - Opened by mwennrich over 3 years ago

#111 - Config temp files are rendered in destination folder

Issue - State: closed - Opened by Gerrit91 over 3 years ago - 1 comment

#110 - Revert "Fix for traffic accounting"

Pull Request - State: closed - Opened by majst01 over 3 years ago

#109 - Fix reloading of nftables rules only if semantically changes are detected

Pull Request - State: closed - Opened by majst01 over 3 years ago - 1 comment

#108 - Add current version into Firewall Status

Issue - State: closed - Opened by majst01 over 3 years ago

#107 - Add version command / flag

Issue - State: closed - Opened by Gerrit91 over 3 years ago

#106 - nftables rules update fix

Pull Request - State: closed - Opened by GrigoriyMikhalkin over 3 years ago

#105 - Egress Policies not updating anymore when no changes on CWNPs occur

Issue - State: closed - Opened by Gerrit91 over 3 years ago - 4 comments
Labels: bug

#104 - Controller download URL must be secured by signature

Issue - State: closed - Opened by Gerrit91 over 3 years ago

#103 - enable more linters and fix existing errors

Pull Request - State: closed - Opened by majst01 over 3 years ago

#102 - Use metal-networker with source vrf filtering

Pull Request - State: closed - Opened by mwindower over 3 years ago

#101 - Upload the firewall-controller binary to images.metal-stack.io.

Pull Request - State: closed - Opened by Gerrit91 over 3 years ago - 1 comment

#100 - nftables reloaded even if nothing changed

Issue - State: closed - Opened by majst01 over 3 years ago - 2 comments

#99 - Suricata ips config

Pull Request - State: open - Opened by GrigoriyMikhalkin over 3 years ago

#98 - allow to disable/enable ids logs

Pull Request - State: open - Opened by GrigoriyMikhalkin over 3 years ago - 1 comment

#97 - Allow running firewall-controller from PRs

Issue - State: closed - Opened by Gerrit91 over 3 years ago - 4 comments

#96 - Fix for traffic accounting

Pull Request - State: closed - Opened by majst01 over 3 years ago - 4 comments

#95 - Traffic accounting takes wrong interfaces into account

Issue - State: closed - Opened by majst01 over 3 years ago - 2 comments

#94 - WIP: emit proper event when signature doesn't match

Pull Request - State: closed - Opened by GrigoriyMikhalkin over 3 years ago - 2 comments

#93 - Emit proper error event to status when signature does not match

Issue - State: closed - Opened by Gerrit91 over 3 years ago - 2 comments

#92 - support os-installations with multiple filesystems

Pull Request - State: closed - Opened by mwennrich over 3 years ago

#91 - auto-update not working across filesystems

Issue - State: closed - Opened by mwennrich over 3 years ago - 7 comments

#90 - Use [email protected]

Pull Request - State: closed - Opened by mwindower over 3 years ago

#89 - go.mod fix

Pull Request - State: closed - Opened by mwindower over 3 years ago

#88 - Use [email protected]

Pull Request - State: closed - Opened by mwindower over 3 years ago

#87 - Properly walk go embed directory for CRDs

Pull Request - State: closed - Opened by mwindower over 3 years ago

#86 - add view aggregate clusterrole

Pull Request - State: closed - Opened by majst01 over 3 years ago - 2 comments

#85 - Use [email protected]

Pull Request - State: closed - Opened by mwindower over 3 years ago

#84 - Nftables rules for transparent DNS proxy

Issue - State: closed - Opened by mwindower over 3 years ago - 1 comment

#83 - Migrate metal-networker code to this repository

Issue - State: closed - Opened by majst01 over 3 years ago - 1 comment

#82 - DNS based egress policies

Pull Request - State: closed - Opened by GrigoriyMikhalkin over 3 years ago - 12 comments

#81 - replace statik with go:embed

Pull Request - State: closed - Opened by mwindower over 3 years ago

#80 - Hitting Github API rate limits

Issue - State: closed - Opened by Gerrit91 over 3 years ago - 1 comment

#79 - DNS based policy for egress

Issue - State: closed - Opened by GrigoriyMikhalkin over 3 years ago - 10 comments

#78 - proposal: remove ClusterwideNetworkPolicyReconciler

Issue - State: closed - Opened by GrigoriyMikhalkin over 3 years ago - 2 comments

#77 - Event type info must be normal

Pull Request - State: closed - Opened by mwindower over 3 years ago

#76 - replace statik with `go:embed` available since go 1.16

Issue - State: closed - Opened by majst01 over 3 years ago - 1 comment

#75 - Reconcile network configuration

Pull Request - State: closed - Opened by mwindower over 3 years ago - 2 comments

#74 - Update controller runtime

Pull Request - State: closed - Opened by majst01 over 3 years ago - 3 comments

GitHub / metal-stack/firewall-controller issues and pull requests