Skip to content

Commit

Permalink
fix(firewall): 'create --rules-file' not working with outbound rules (#…
Browse files Browse the repository at this point in the history
…752)

This PR fixes the behavior of the `--rules-file` flag when creating
firewalls. Destination IPs were not parsed correctly which lead to the
request failing when an outbound rule was specified. This was fixed and
tests for outbound rules were added.

Closes #750
  • Loading branch information
phm07 authored May 10, 2024
1 parent 73154e0 commit 2f2be32
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 5 deletions.
19 changes: 14 additions & 5 deletions internal/cmd/firewall/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,21 @@ var CreateCmd = base.CreateCmd{
}
sourceNets = append(sourceNets, *sourceNet)
}
var destNets []net.IPNet
for i, destIP := range rule.DestinationIPs {
_, destNet, err := net.ParseCIDR(destIP)
if err != nil {
return nil, nil, fmt.Errorf("invalid CIDR on index %d : %s", i, err)
}
destNets = append(destNets, *destNet)
}
opts.Rules = append(opts.Rules, hcloud.FirewallRule{
Direction: hcloud.FirewallRuleDirection(rule.Direction),
SourceIPs: sourceNets,
Protocol: hcloud.FirewallRuleProtocol(rule.Protocol),
Port: rule.Port,
Description: rule.Description,
Direction: hcloud.FirewallRuleDirection(rule.Direction),
SourceIPs: sourceNets,
DestinationIPs: destNets,
Protocol: hcloud.FirewallRuleProtocol(rule.Protocol),
Port: rule.Port,
Description: rule.Description,
})
}
}
Expand Down
14 changes: 14 additions & 0 deletions internal/cmd/firewall/create_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,20 @@ func TestCreate(t *testing.T) {
Port: hcloud.Ptr("443"),
Description: hcloud.Ptr("Allow port 443"),
},
{
Direction: hcloud.FirewallRuleDirectionOut,
SourceIPs: nil,
DestinationIPs: []net.IPNet{
{IP: net.IP{28, 239, 13, 1}, Mask: net.IPMask{255, 255, 255, 255}},
{IP: net.IP{28, 239, 14, 0}, Mask: net.IPMask{255, 255, 255, 0}},
{
IP: net.IP{0xff, 0x21, 0x1e, 0xac, 0x9a, 0x3b, 0xee, 0x58, 0x05, 0xca, 0x99, 0x0c, 0x8b, 0xc9, 0xc0, 0x3b},
Mask: net.IPMask{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255},
},
},
Protocol: hcloud.FirewallRuleProtocolTCP,
Port: hcloud.Ptr("80"),
},
},
}).
Return(hcloud.FirewallCreateResult{
Expand Down
14 changes: 14 additions & 0 deletions internal/cmd/firewall/replace_rules_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,20 @@ func TestReplaceRules(t *testing.T) {
Port: hcloud.Ptr("443"),
Description: hcloud.Ptr("Allow port 443"),
},
{
Direction: hcloud.FirewallRuleDirectionOut,
SourceIPs: nil,
DestinationIPs: []net.IPNet{
{IP: net.IP{28, 239, 13, 1}, Mask: net.IPMask{255, 255, 255, 255}},
{IP: net.IP{28, 239, 14, 0}, Mask: net.IPMask{255, 255, 255, 0}},
{
IP: net.IP{0xff, 0x21, 0x1e, 0xac, 0x9a, 0x3b, 0xee, 0x58, 0x05, 0xca, 0x99, 0x0c, 0x8b, 0xc9, 0xc0, 0x3b},
Mask: net.IPMask{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255},
},
},
Protocol: hcloud.FirewallRuleProtocolTCP,
Port: hcloud.Ptr("80"),
},
},
}).
Return([]*hcloud.Action{{ID: 123}, {ID: 321}}, nil, nil)
Expand Down
11 changes: 11 additions & 0 deletions internal/cmd/firewall/testdata/rules.json
Original file line number Diff line number Diff line change
Expand Up @@ -19,5 +19,16 @@
"0.0.0.0/0",
"::/0"
]
},
{
"direction": "out",
"source_ips": [],
"destination_ips": [
"28.239.13.1/32",
"28.239.14.0/24",
"ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
],
"protocol": "tcp",
"port": "80"
}
]

0 comments on commit 2f2be32

Please sign in to comment.