
ACL is adding ALLOW rule that should not be added #1153

@tomhouweling1987

Description

When creating a rule, it adds an ALLOW rule before all the specific ALLOW and DENY rules. This rule should not be added, in my opinion, because now the Devs group has access to all the network devices.

ip saddr { x.x.x.5-x.x.x.9 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access ALLOW"

It is adding the ALLOW rule above all the other rules, with:

		type filter hook forward priority filter; policy drop;
		iifname != "wg0" counter packets 284 bytes 17120 accept comment "Ignore traffic not related to the VPN"
		ct state established,related counter packets 282 bytes 16920 accept comment "Allow established and related traffic"
		ip saddr { x.x.x.2-x.x.x.4 } counter packets 0 bytes 0 accept comment "ACL 17 - DevSecOps Access ALLOW"
		ip saddr { x.x.x.5-x.x.x.9 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access ALLOW"
		ip saddr { x.x.x.5-x.x.x.9 } ip daddr { x.x.xx.80 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 5 - APP1 ALLOW"
		ip saddr { x.x.x.5-x.x.x.9 } ip daddr { x.x.xx.70 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 6 - APP2 ALLOW"
		ip saddr { x.x.x.5-x.x.x.9 } ip daddr { x.x.xx.60 } tcp dport { 53 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 7 - APP3 ALLOW"
		ip saddr { x.x.x.5-x.x.x.9 } ip daddr { x.x.xx.60 } udp dport { 53 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 7 - APP3 ALLOW"
		counter packets 0 bytes 0 drop comment "ACL 17 - DevSecOps Access DENY"
		counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access DENY"
		ip daddr { x.x.xx.80 } counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access, ALIAS 5 - APP1 DENY"
		ip daddr { x.x.xx.70 } counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access, ALIAS 6 - APP2 DENY"
		ip daddr { x.x.xx.60 } counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access, ALIAS 7 - APP3 DENY"
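
An nftables chain is evaluated top to bottom and the first rule that issues a terminating verdict (accept, drop, reject) wins, so an unqualified `ip saddr { range } accept` placed before the per-alias rules means packets from that range never reach the ALIAS rules or the DENY rules below them. The checker below is an added example, not code from the issue or the project: it parses rules in the `nft list ruleset` format shown above, reports every rule that can never fire because an earlier, broader rule already matches everything it would, and walks a sample packet through the chain first-match style. The ruleset is constructed to mirror the one posted, with 10.0.0.0/8 placeholders in place of the redacted x.x.x.* addresses; the chain header (`type filter hook forward ...; policy drop`) is taken as given and not parsed.

```python
"""Shadowed-rule finder for an nftables chain (added example, not project code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample modelled on the issue's ruleset; addresses are placeholders.
SAMPLE_RULESET = """
iifname != "wg0" counter packets 284 bytes 17120 accept comment "Ignore traffic not related to the VPN"
ct state established,related counter packets 282 bytes 16920 accept comment "Allow established and related traffic"
ip saddr { 10.0.0.2-10.0.0.4 } counter packets 0 bytes 0 accept comment "ACL 17 - DevSecOps Access ALLOW"
ip saddr { 10.0.0.5-10.0.0.9 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access ALLOW"
ip saddr { 10.0.0.5-10.0.0.9 } ip daddr { 10.1.1.80 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 5 - APP1 ALLOW"
ip saddr { 10.0.0.5-10.0.0.9 } ip daddr { 10.1.1.70 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 6 - APP2 ALLOW"
ip saddr { 10.0.0.5-10.0.0.9 } ip daddr { 10.1.1.60 } tcp dport { 53 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 7 - APP3 ALLOW"
ip saddr { 10.0.0.5-10.0.0.9 } ip daddr { 10.1.1.60 } udp dport { 53 } counter packets 0 bytes 0 accept comment "ACL 22 - Devs Access, ALIAS 7 - APP3 ALLOW"
counter packets 0 bytes 0 drop comment "ACL 17 - DevSecOps Access DENY"
counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access DENY"
ip daddr { 10.1.1.80 } counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access, ALIAS 5 - APP1 DENY"
ip daddr { 10.1.1.70 } counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access, ALIAS 6 - APP2 DENY"
ip daddr { 10.1.1.60 } counter packets 0 bytes 0 drop comment "ACL 22 - Devs Access, ALIAS 7 - APP3 DENY"
"""

Ranges = Optional[List[Tuple[int, int]]]  # list of inclusive (lo, hi); None = any


@dataclass
class Rule:
    saddr: Ranges
    daddr: Ranges
    l4: Optional[str]      # "tcp" / "udp" when a dport match is present
    dport: Ranges
    other: str             # match expressions this parser does not model (iifname, ct ...)
    verdict: str
    comment: str


_ADDR = re.compile(r"ip (saddr|daddr) \{([^}]*)\}")
_PORT = re.compile(r"(tcp|udp) dport \{([^}]*)\}")
_STRIP = re.compile(r'counter(?: packets \d+ bytes \d+)?|comment "[^"]*"')
_VERDICT = re.compile(r"\b(accept|drop|reject)\b")


def _ranges(body: str, is_addr: bool) -> List[Tuple[int, int]]:
    """Parse a set body like ' 10.0.0.5-10.0.0.9, 10.1.0.0/24 ' or ' 53, 1000-2000 '."""
    out = []
    for elem in filter(None, (e.strip() for e in body.split(","))):
        if is_addr and "/" in elem:
            net = ipaddress.ip_network(elem, strict=False)
            out.append((int(net.network_address), int(net.broadcast_address)))
            continue
        conv = (lambda s: int(ipaddress.ip_address(s))) if is_addr else int
        lo, _, hi = elem.partition("-")
        out.append((conv(lo.strip()), conv((hi or lo).strip())))
    return out


def parse_rule(line: str) -> Rule:
    m = re.search(r'comment "([^"]*)"', line)
    rest = _STRIP.sub("", line)               # drop counters and comment before looking for a verdict
    vm = _VERDICT.search(rest)
    if not vm:
        raise ValueError(f"no terminating verdict in rule: {line!r}")
    rest = _VERDICT.sub("", rest, count=1)
    addrs = {k: _ranges(v, True) for k, v in _ADDR.findall(rest)}
    rest = _ADDR.sub("", rest)
    pm = _PORT.search(rest)
    rest = _PORT.sub("", rest)
    return Rule(addrs.get("saddr"), addrs.get("daddr"), pm.group(1) if pm else None,
                _ranges(pm.group(2), False) if pm else None,
                " ".join(rest.split()), vm.group(1), m.group(1) if m else "")


def parse_ruleset(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def _covers(a: Ranges, b: Ranges) -> bool:
    """True if set a matches every value that set b matches (None = any)."""
    if a is None:
        return True
    if b is None:
        return False
    return all(any(alo <= blo and bhi <= ahi for alo, ahi in a) for blo, bhi in b)


def shadows(a: Rule, b: Rule) -> bool:
    """True if every packet b would match is already matched by a (a is at least as broad)."""
    return (_covers(a.saddr, b.saddr) and _covers(a.daddr, b.daddr)
            and (a.l4 is None or a.l4 == b.l4) and _covers(a.dport, b.dport)
            and (a.other == "" or a.other == b.other))


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(shadowed_index, shadower_index) for every rule that can never fire; first shadower reported."""
    found = []
    for i, b in enumerate(rules):
        for j in range(i):
            if shadows(rules[j], b):
                found.append((i, j))
                break
    return found


def first_match(rules: List[Rule], saddr: str, daddr: str, l4=None, dport=None) -> Optional[Rule]:
    """First rule hit by a new connection arriving on the VPN interface.
    Rules with unmodelled matches (iifname != "wg0", ct state established) are assumed not to fire."""
    s, d = int(ipaddress.ip_address(saddr)), int(ipaddress.ip_address(daddr))
    hit = lambda r, v: r is None or any(lo <= v <= hi for lo, hi in r)
    for r in rules:
        if (r.other == "" and hit(r.saddr, s) and hit(r.daddr, d) and (r.l4 is None or r.l4 == l4)
                and (r.dport is None or (dport is not None and hit(r.dport, dport)))):
            return r
    return None


if __name__ == "__main__":
    rules = parse_ruleset(SAMPLE_RULESET)
    for i, j in find_shadowed(rules):
        print(f"rule {i} ({rules[i].comment}) never fires: shadowed by rule {j} ({rules[j].comment})")
    r = first_match(rules, "10.0.0.7", "10.5.5.5", "tcp", 22)
    print("Dev host -> unrelated device:", r.verdict, "via", r.comment)
```

On the sample, every ALIAS rule for the Devs range is reported as shadowed by the bare "Devs Access ALLOW" rule, and a Devs host reaching an address that appears in no alias is accepted by that same rule; with that one rule removed, the same packet falls through to the "DevSecOps Access DENY" drop while the APP3 DNS rule still accepts. The checker is deliberately conservative: a set written as several adjacent pieces is not merged, so it may miss a shadowing but will not report a false one.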

Metadata

Status

Ready to release