Hi guys, I have a question about setting up ACLs.
I can set up an ACL to allow devices that have tag:shared to connect to a web application on port 11 on devices that have tag:server. After connecting to the web application successfully, I cannot access the internet anymore.
For example:
I have my laptop with tag:shared;
My remote server with tag:server. On the server, I have two containers: one on port 11 and one on port 22.
I can use the ACL to allow my laptop (tag:shared) to connect to the container on port 11 but not the container on port 22, which is great and is the way I want it.
But after that I cannot connect to the internet at all. I am not sure if I set up the ACL correctly.
My ACL setup:
// Example/default ACLs for unrestricted connections.
{
  // Declare static groups of users beyond those in the identity service.
  "groups": {
    "group:admin": ["myemail@gmail.com"],
  },
  // Declare convenient hostname aliases to use in place of IP addresses.
  "hosts": {
    "example-host-1": "100.100.100.100",
  },
  // Users allowed to apply each tag to their devices.
  "tagOwners": {
    "tag:server": ["myemail@gmail.com"],
    "tag:shared": ["myemail@gmail.com"],
  },
  // Access control lists.
  "acls": [
    // Allow tag:shared devices to reach only port 11 on tag:server devices.
    {
      "action": "accept",
      "src": ["tag:shared"],
      "dst": ["tag:server:11"],
    },
  ],
  "ssh": [
    // Allow all users to SSH into their own devices in check mode.
    // Comment this section out if you want to define specific restrictions.
    {
      "action": "check",
      "src": ["autogroup:members"],
      "dst": ["autogroup:self"],
      "users": ["autogroup:nonroot", "root"],
    },
  ],
}
Is there a way, or instructions, to allow a tagged device to access a server:port and the internet?