Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Firewall: Add missing sport for IPv6 with missing destination_addresses #105

Merged
merged 3 commits into from
Jan 1, 2024

Conversation

bastelfreak
Copy link
Member

This relies on additional changes in #104

Usually we parse the src port for incoming packets / the dst port for outgoing packets from the $endpoint param
The param is optional, in case you want to create a passive endpoint for clients with dynamic ip addresses
In those cases we still need to create firewall rules, but without src port for incoming packets / the dst port
To make this all a bit easier, we also added a new parameter, $endpoint_port, which takes precedence over parsing $endpoint.

Previously the catalog compilation failed with:
```
Evaluation Error: Left match operand must result in a String value. Got an Undef Value.
```

Because of: `if $endpoint =~  /:(\d+)$/ {`

This test verifies that the current code is broken.
Usually we parse the src port for incoming packets / the dst port for outgoing packets from the $endpoint param The param is optional, in case you want to create a passive endpoint for clients with dynamic ip addresses In those cases we still need to create firewall rules, but without src port for incoming packets / the dst port To make this all a bit easier, we also added a new parameter, $endpoint_port, which takes precedence over parsing $endpoint.

Previously the catalog compilation failed with:
```
Evaluation Error: Left match operand must result in a String value. Got an Undef Value.
```

Because of: `if $endpoint =~  /:(\d+)$/ {`

#103 verifies that the
current code is broken.

Thew new code adds a safeguard to check if $endpoint is set. we also add
a new parameter in case we want to explicitly set the port.
@bastelfreak bastelfreak added the bug Something isn't working label Jan 1, 2024
@bastelfreak bastelfreak self-assigned this Jan 1, 2024
@sebastianrakel sebastianrakel merged commit dd58ab9 into master Jan 1, 2024
12 checks passed
@sebastianrakel sebastianrakel deleted the allow3 branch January 1, 2024 19:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants