metal-stack/firewall-controller

Issues

• DNS-based CWNPs not reliable on hostnames with constantly changing IPs

  #186 opened 18 days ago by mreiger
  0

• Use headless service for nftables-exporter and node-exporter

  #184 opened a month ago by robertvolkmann
  0

• source port reuse in egress masquerading

  #180 opened 4 months ago by mwennrich
  0

• Generate default nftables rule file before first reconcilation

  #65 opened 7 months ago by mwindower
  1

• Rename to firelet

  #139 opened 7 months ago by majst01
  1

• Stale state in DNS-based CWNPs

  #173 opened 8 months ago by mreiger
  0

• After firewall-update, nftables/node_exporter endpoints point to wrong ip address

  #167 opened a year ago by mwennrich
  0

• package drops despite egress rule

  #163 opened a year ago by JoergReinhold
  5

• Support MSS Clamping definition through CWNP

  #160 opened a year ago by majst01
  0

• accelerate forwarding by using nftables flowtables.

  #157 opened a year ago by majst01
  1

• Implement SSH Key Rotation

  #154 opened a year ago by Gerrit91
  0

• DNS based policies do not work with CNAMEs

  #135 opened a year ago by mreiger
  1

• Consider dns ebpf based snooping

  #153 opened a year ago by majst01
  0

• default to any for empty fields is not working anymore

  #151 opened a year ago by mwennrich
  0

• Make CWNP Validation more strict

  #150 opened a year ago by majst01
  1

• Pattern matching behavior changed / is partially broken

  #145 opened a year ago by Gerrit91
  3

• auto-restart of firewall-controller every 5 minutes

  #147 opened a year ago by mwennrich
  0

• dns-based cwnp only in effect if changed after creation

  #146 opened a year ago by mwennrich
  1

• Controller download URL must be secured by signature

  #104 opened a year ago by Gerrit91
  0

• DNS based policies: Pattern matching does not match subdomains

  #136 opened 2 years ago by mreiger
  0

• DNS proxy does not work with fixed internet egress address

  #133 opened 2 years ago by mreiger
  4

• evasion of CWNP possible if both clusters share one network

  #126 opened 2 years ago by TLINDEN
  2

• unable to gather nftables counter

  #55 opened 2 years ago by mwennrich
  2

• Proposal: store DNS state in ConfigMap

  #130 opened 2 years ago by GrigoriyMikhalkin
  0

• nftables reloaded even if nothing changed

  #100 opened 2 years ago by majst01
  2

• DNS based policy for egress

  #79 opened 2 years ago by GrigoriyMikhalkin
  10

• Migrate metal-networker code to this repository

  #83 opened 2 years ago by majst01
  1

• remove ingress rules from cwnp spec

  #128 opened 2 years ago by mwennrich
  0

• Log new connections

  #117 opened 2 years ago by majst01
  3

• Only allow installing signed versions of the firewall-controller binary

  #122 opened 2 years ago by Gerrit91
  0

• Add current version into Firewall Status

  #108 opened 3 years ago by majst01
  0

• Config temp files are rendered in destination folder

  #111 opened 3 years ago by Gerrit91
  1

• Add version command / flag

  #107 opened 3 years ago by Gerrit91
  0

• Traffic accounting takes wrong interfaces into account

  #95 opened 3 years ago by majst01
  2

• Egress Policies not updating anymore when no changes on CWNPs occur

  #105 opened 3 years ago by Gerrit91
  4

• Allow running firewall-controller from PRs

  #97 opened 3 years ago by Gerrit91
  4

• Emit proper error event to status when signature does not match

  #93 opened 3 years ago by Gerrit91
  2

• Nftables rules for transparent DNS proxy

  #84 opened 3 years ago by mwindower
  1

• auto-update not working across filesystems

  #91 opened 3 years ago by mwennrich
  7

• replace statik with `go:embed` available since go 1.16

  #76 opened 3 years ago by majst01
  1

• proposal: remove ClusterwideNetworkPolicyReconciler

  #78 opened 3 years ago by GrigoriyMikhalkin
  2

• Hitting Github API rate limits

  #80 opened 3 years ago by Gerrit91
  1

• implementation is not matching the cwnp spec

  #73 opened 4 years ago by mwennrich
  5

• Export const clusterwideNPNamespace

  #70 opened 4 years ago by LimKianAn
  1

• Validate ClusterwideNetworkPolicy Objects

  #63 opened 4 years ago by mwindower
  0

• Remove migration logic (NetworkPolicy -> ClusterwideNetworkPolicy)

  #54 opened 4 years ago by Gerrit91
  0

• Egress IP can still be used after free

  #64 opened 4 years ago by Gerrit91
  6

• Self-Reconcilation

  #57 opened 4 years ago by mwindower
  1

• Support multiple SNAT addresses

  #51 opened 4 years ago by mwindower
  0

• documentation about automatic ingress rules for services is missing

  #47 opened 4 years ago by mwennrich
  0