Here, we make further modifications to reorganize and clean up the firewall rules generation file.

1. We remove the sets allowed_ipv4_cidrs/allowed_ipv6_cidrs. These are not used anymore. Those sets were added with the initial implementation, when our firewall rules did not have ports. However, now, even if we add a rule without specifying a port, the default behavior is to set all the ports. Therefore, these sets are not used; the rules that use them were also removed in the previous commit.
2. We add comments to the necessary places.
3. We further increase the rules to allow pings for all addresses.
4. Modify tests to use the new firewall rules nftables definition.