metal-stack/firewall-controller
A kubernetes controller running on bare-metal firewalls, creating nftables rules, configures suricata, collects network metrics
GoMIT
Issues
- 0
- 0
- 0
source port reuse in egress masquerading
#180 opened by mwennrich - 1
- 1
Rename to firelet
#139 opened by majst01 - 0
Stale state in DNS-based CWNPs
#173 opened by mreiger - 0
After firewall-update, nftables/node_exporter endpoints point to wrong ip address
#167 opened by mwennrich - 5
package drops despite egress rule
#163 opened by JoergReinhold - 0
Support MSS Clamping definition through CWNP
#160 opened by majst01 - 1
accelerate forwarding by using nftables flowtables.
#157 opened by majst01 - 0
Implement SSH Key Rotation
#154 opened by Gerrit91 - 1
DNS based policies do not work with CNAMEs
#135 opened by mreiger - 0
Consider dns ebpf based snooping
#153 opened by majst01 - 0
- 1
Make CWNP Validation more strict
#150 opened by majst01 - 3
- 0
auto-restart of firewall-controller every 5 minutes
#147 opened by mwennrich - 1
- 0
Controller download URL must be secured by signature
#104 opened by Gerrit91 - 0
- 4
- 2
- 2
unable to gather nftables counter
#55 opened by mwennrich - 0
Proposal: store DNS state in ConfigMap
#130 opened by GrigoriyMikhalkin - 2
nftables reloaded even if nothing changed
#100 opened by majst01 - 10
DNS based policy for egress
#79 opened by GrigoriyMikhalkin - 1
Migrate metal-networker code to this repository
#83 opened by majst01 - 0
remove ingress rules from cwnp spec
#128 opened by mwennrich - 3
Log new connections
#117 opened by majst01 - 0
- 0
Add current version into Firewall Status
#108 opened by majst01 - 1
Config temp files are rendered in destination folder
#111 opened by Gerrit91 - 0
Add version command / flag
#107 opened by Gerrit91 - 2
- 4
- 4
Allow running firewall-controller from PRs
#97 opened by Gerrit91 - 2
- 1
Nftables rules for transparent DNS proxy
#84 opened by mwindower - 7
auto-update not working across filesystems
#91 opened by mwennrich - 1
- 2
- 1
Hitting Github API rate limits
#80 opened by Gerrit91 - 5
implementation is not matching the cwnp spec
#73 opened by mwennrich - 1
Export const clusterwideNPNamespace
#70 opened by LimKianAn - 0
Validate ClusterwideNetworkPolicy Objects
#63 opened by mwindower - 0
- 6
Egress IP can still be used after free
#64 opened by Gerrit91 - 1
Self-Reconcilation
#57 opened by mwindower - 0
Support multiple SNAT addresses
#51 opened by mwindower - 0