Skip to content

[management] remove toAll firewall rule #4725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[management] remove toAll firewall rule #4725

wants to merge 1 commit into from
+148 −15

Conversation

@crn4
Copy link
Contributor

@crn4 crn4 commented Oct 30, 2025

Describe your changes

Issue ticket number and link

Stack

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

  • I added/updated documentation for this change
  • Documentation is not needed for this change (explain why)
    changes in firewall rules internal details

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

Copilot AI review requested due to automatic review settings October 30, 2025 12:50
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 30, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR removes the optimization that used "0.0.0.0" as a wildcard IP address in firewall rules when all peers in a group were targeted. Instead, firewall rules now explicitly list individual peer IP addresses.

  • Removed the logic that calculated whether a rule applied to all peers and used "0.0.0.0" as a shorthand
  • Updated firewall rule generation to always use specific peer IP addresses
  • Modified test expectations to reflect explicit peer IPs instead of wildcard addresses

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
management/server/types/account.go Removed "GetGroupAll()" call and the conditional logic that set PeerIP to "0.0.0.0" for rules applying to all peers
management/server/policy_test.go Updated test expectations to assert on individual peer IP addresses instead of wildcard "0.0.0.0" entries, adjusting expected firewall rule counts accordingly

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mlsmaycon mlsmaycon changed the title remove toAll firewall rule [management] remove toAll firewall rule Nov 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mlsmaycon mlsmaycon mlsmaycon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@crn4 @mlsmaycon