openshift/ingress-node-firewall

User should be able to configure a 0.0.0.0/0 deny-all rule

Closed this issue · 0 comments

We should allow users to configure something like this:

```yaml
apiVersion: ingressnodefirewall.openshift.io/v1alpha1
kind: IngressNodeFirewall
metadata:
  name: ingressnodefirewall-denyall
spec:
  interfaces:
  - eth0
  nodeSelector:
    matchLabels:
      do-node-ingress-firewall: 'true'
  ingress:
  - sourceCIDRs:
    - 0.0.0.0/0
    rules:
    - order: 20
      action: Deny
```

This is for the case where, after configuring all the whitelist rules, we need to drop everything else.
The user will be responsible for whitelisting all ports their application will use in this case to ensure proper functionality.
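
The whitelist-then-drop pattern described in this issue, written out as an added example that is not part of the original issue or the project's own manifests. It assumes the operator accepts the catch-all rule requested here and evaluates rules in ascending `order`; the resource name and the port values are placeholders.

```yaml
# Added example: resource name and ports are placeholders, not project values.
apiVersion: ingressnodefirewall.openshift.io/v1alpha1
kind: IngressNodeFirewall
metadata:
  name: ingressnodefirewall-allowlist-then-denyall   # hypothetical name
spec:
  interfaces:
  - eth0
  nodeSelector:
    matchLabels:
      do-node-ingress-firewall: 'true'
  ingress:
  - sourceCIDRs:
    - 0.0.0.0/0
    rules:
    # Whitelist rules take the lowest order values so they are matched
    # before the catch-all (assumes ascending-order evaluation).
    - order: 10
      protocolConfig:
        protocol: TCP
        tcp:
          ports: "443"          # assumed application port
      action: Allow
    - order: 20
      protocolConfig:
        protocol: TCP
        tcp:
          ports: "8080-8090"    # assumed application port range
      action: Allow
    # Catch-all from the issue: no protocolConfig, intended to drop
    # every packet that no earlier rule allowed.
    - order: 30
      action: Deny
```

Before applying a manifest like this, list every port the selected nodes already listen on (for example with `ss -tuln`) so that each required service has an Allow rule ordered ahead of the Deny.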