Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-2038

Agent filters can't reject traffic from/to a pod

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • netobserv-1.8
    • netobserv-1.8-candidate
    • None
    • None
    • False
    • None
    • False
    • NetObserv - Sprint 265, NetObserv - Sprint 266

      Description of problem:

      A very simple use case of filters would be to reject traffic from/to a given IP. It doesn't seem to be possible.

      Steps to Reproduce:

      1. deploy netobserv, and get the IP of any workload that generates regular traffic (in and out). For this example, I have 10.128.2.27
2. create a filter, I tried two configs:
2a: [{action: Reject, cidr: 10.128.2.27/32}]
2b: [{action: Reject, cidr: 10.128.2.27/32}, {action: Accept, cidr: 0.0.0.0/0}]

      Actual results:

      With 2a: no more traffic is generated, everything is dropped
With 2b: it only rejects traffic from 10.128.2.27 but not traffic to 10.128.2.27

      Expected results:

      Both traffic from and to 10.128.2.27 should be rejected

       

              mmahmoud@redhat.com Mohamed Mahmoud (Inactive)
              jtakvori Joel Takvorian
              Amogh Rameshappa Devapura Amogh Rameshappa Devapura
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: