Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for negated addresses #40

Merged
merged 2 commits into from
Jan 25, 2024
Merged

Add support for negated addresses #40

merged 2 commits into from
Jan 25, 2024

Conversation

CaBeckmann
Copy link
Collaborator

Static addresses can now be negated by prefixing them with the '!'
operator. Negated addresses will be loaded into the configured pf tables
immediately when pfresolved starts and will prevent the pf tables from
matching these addresses.

If a host resolves to such an address it will just reference the negated
address internally, preventing the resolved address from being added to
the pf table in the non-negated form.

Also add tests for this feature:

  • Test that negated addresses are added into pf tables and that hosts
    resolving to these addresses won't have their addresses added to the
    table.
  • Test that networks cannot be negated.
  • Test that the same address cannot be specified in normal and negated
    form.

bluhm
bluhm requested changes Jan 24, 2024
View reviewed changes
Copy link
Contributor

@bluhm bluhm left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two minor issues. The "not" variable and field name is kind of bike shedding.

parse.y Outdated Show resolved Hide resolved
regress/Proc.pm Outdated Show resolved Hide resolved
Carsten Beckmann added 2 commits January 25, 2024 12:12
Add support for negated addresses
bbee688 
Static addresses can now be negated by prefixing them with the '!'
operator. Negated addresses will be loaded into the configured pf tables
immediately when pfresolved starts and will prevent the pf tables from
matching these addresses.

If a host resolves to such an address it will just reference the negated
address internally, preventing the resolved address from being added to
the pf table in the non-negated form.
Add tests for negated addresses
c60c212 
Test that negated addresses are added into pf tables and that hosts
resolving to these addresses won't have their addresses added to the
table.
Test that networks cannot be negated.
Test that the same address cannot be specified in normal and negated
form.
@bluhm bluhm merged commit 1093408 into master Jan 25, 2024
1 check passed
@bluhm bluhm deleted the address_negation branch January 25, 2024 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bluhm bluhm bluhm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@CaBeckmann @bluhm