From ee600cfc66d07f35eecefc8a9a4495ff4e0e22a7 Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 14 Aug 2023 13:44:48 +0300 Subject: [PATCH 1/9] So that grouping can be reused by subnetConnectivity --- pkg/vpcmodel/grouping.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 5c30e801d..53219dbe4 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -9,7 +9,7 @@ import ( const commaSepartor = "," -type groupingConnections map[Node]map[string][]Node // for each line here can group list of external nodes to cidrs list as of one element +type groupingConnections map[EndpointElem]map[string][]Node // for each line here can group list of external nodes to cidrs list as of one element func (g *groupingConnections) getGroupedConnLines(isSrcToDst bool) []*GroupedConnLine { res := []*GroupedConnLine{} @@ -29,7 +29,7 @@ func (g *groupingConnections) getGroupedConnLines(isSrcToDst bool) []*GroupedCon } func newGroupingConnections() *groupingConnections { - res := groupingConnections(map[Node]map[string][]Node{}) + res := groupingConnections(map[EndpointElem]map[string][]Node{}) return &res } @@ -87,7 +87,7 @@ func (g *groupedExternalNodes) Name() string { return prefix + g.String() } -func (g *groupingConnections) addPublicConnectivity(n Node, conn string, target Node) { +func (g *groupingConnections) addPublicConnectivity(n EndpointElem, conn string, target Node) { if _, ok := (*g)[n]; !ok { (*g)[n] = map[string][]Node{} } From 43e8d41ad03e757e7dca17e2fffb4981806a733d Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 14 Aug 2023 16:24:01 +0300 Subject: [PATCH 2/9] VPCsubnetConnectivity computed and stored on EndpointElem instead of string so that (among others) grouping can be reused --- pkg/ibmvpc/vpc.go | 6 ++--- pkg/vpcmodel/subnetsConnectivity.go | 36 ++++++++++++++--------------- pkg/vpcmodel/vpcConnectivity.go | 8 +++---- 3 files changed, 25 insertions(+), 25 deletions(-) 
diff --git a/pkg/ibmvpc/vpc.go b/pkg/ibmvpc/vpc.go index 7519c0800..886d272e8 100644 --- a/pkg/ibmvpc/vpc.go +++ b/pkg/ibmvpc/vpc.go @@ -608,11 +608,11 @@ func (pgw *PublicGateway) ConnectivityMap() map[string]vpcmodel.ConfigBasedConne res := map[string]vpcmodel.ConfigBasedConnectivityResults{} for _, subnetCidr := range pgw.subnetCidr { res[subnetCidr] = vpcmodel.ConfigBasedConnectivityResults{ - IngressAllowedConns: map[string]*common.ConnectionSet{}, - EgressAllowedConns: map[string]*common.ConnectionSet{}, + IngressAllowedConns: map[vpcmodel.EndpointElem]*common.ConnectionSet{}, + EgressAllowedConns: map[vpcmodel.EndpointElem]*common.ConnectionSet{}, } for _, dst := range pgw.destinations { - res[subnetCidr].EgressAllowedConns[dst.Name()] = vpcmodel.AllConns() + res[subnetCidr].EgressAllowedConns[dst] = vpcmodel.AllConns() } } diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index e40c3d6ec..acb6772c4 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -12,9 +12,9 @@ import ( // VPCsubnetConnectivity captures allowed connectivity for subnets, considering nacl and pgw resources type VPCsubnetConnectivity struct { // computed for each node (subnet), by iterating its ConnectivityResult for all relevant VPC resources that capture it - AllowedConns map[string]*ConfigBasedConnectivityResults + AllowedConns map[EndpointElem]*ConfigBasedConnectivityResults // combined connectivity - considering both ingress and egress per connection - AllowedConnsCombined map[string]map[string]*common.ConnectionSet + AllowedConnsCombined map[EndpointElem]map[EndpointElem]*common.ConnectionSet cloudConfig *CloudConfig } 
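Review bot: Keying `EgressAllowedConns` by `dst` instead of `dst.Name()` in `ConnectivityMap` replaces string equality with Go interface equality, which compares dynamic type and value, so two pointer-typed elements that carry the same name become distinct keys. The same switch recurs in the `subnetsConnectivity.go` hunks that replace `n.Name()` and `subnetNodeSet.Name()` with the element itself, and the later change from `src == dst` to `src.Name() == dst.Name()` suggests one resource can indeed be reached through more than one object. A missed lookup then silently drops or keeps an allowed connection in the report, and an implementation with a non-comparable dynamic type would panic on insert instead of failing to compile. I would state the invariant where the maps are declared, e.g. `// keys must be the single canonical object of a resource; a different object with the same name is a different key`, and add a test that reaches one subnet through both lookup paths.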
@@ -31,11 +31,11 @@ func subnetConnLine(subnet string, conn *common.ConnectionSet) string { func (c *ConfigBasedConnectivityResults) string() string { res := "Ingress: \n" for n, conn := range c.IngressAllowedConns { - res += subnetConnLine(n, conn) + res += subnetConnLine(n.Name(), conn) } res += "Egress: \n" for n, conn := range c.EgressAllowedConns { - res += subnetConnLine(n, conn) + res += subnetConnLine(n.Name(), conn) } return res @@ -46,7 +46,7 @@ var _ = (*VPCsubnetConnectivity).printAllowedConns // avoiding "unused" warning // print AllowedConns (not combined) func (v *VPCsubnetConnectivity) printAllowedConns() { for n, connMap := range v.AllowedConns { - fmt.Println(n) + fmt.Println(n.Name()) fmt.Println(connMap.string()) fmt.Println("-----------------") } @@ -100,7 +100,7 @@ func (c *CloudConfig) convertIPbasedToSubnetBasedResult(ipconn *IPbasedConnectiv // PGW does not allow ingress traffic if namedResources, err := c.ipblockToNamedResourcesInConfig(ipb, true); err == nil { for _, n := range namedResources { - res.IngressAllowedConns[n.Name()] = conn + res.IngressAllowedConns[n] = conn } } else { return nil, err @@ -111,7 +111,7 @@ func (c *CloudConfig) convertIPbasedToSubnetBasedResult(ipconn *IPbasedConnectiv for ipb, conn := range ipconn.EgressAllowedConns { if namedResources, err := c.ipblockToNamedResourcesInConfig(ipb, !hasPGW); err == nil { for _, n := range namedResources { - res.EgressAllowedConns[n.Name()] = conn + res.EgressAllowedConns[n] = conn } } else { return nil, err @@ -166,7 +166,7 @@ func (c *CloudConfig) GetSubnetsConnectivity(includePGW bool) (*VPCsubnetConnect } // convert to subnet-based connectivity result - subnetsConnectivity := map[string]*ConfigBasedConnectivityResults{} + subnetsConnectivity := map[EndpointElem]*ConfigBasedConnectivityResults{} for subnetCidrStr, ipBasedConnectivity := range subnetsConnectivityFromACLresources { subnetNodeSet, err := c.subnetCidrToSubnetElem(subnetCidrStr) if err != nil { 
@@ -186,7 +186,7 @@ func (c *CloudConfig) GetSubnetsConnectivity(includePGW bool) (*VPCsubnetConnect return nil, err } - subnetsConnectivity[subnetNodeSet.Name()] = configBasedConns + subnetsConnectivity[subnetNodeSet] = configBasedConns } res := &VPCsubnetConnectivity{AllowedConns: subnetsConnectivity, cloudConfig: c} @@ -200,21 +200,21 @@ func (c *CloudConfig) GetSubnetsConnectivity(includePGW bool) (*VPCsubnetConnect } func (v *VPCsubnetConnectivity) computeAllowedConnsCombined() error { - v.AllowedConnsCombined = map[string]map[string]*common.ConnectionSet{} + v.AllowedConnsCombined = map[EndpointElem]map[EndpointElem]*common.ConnectionSet{} for subnetNodeSet, connsRes := range v.AllowedConns { for peerNode, conns := range connsRes.IngressAllowedConns { src := peerNode dst := subnetNodeSet - if src == dst { + if src.Name() == dst.Name() { continue } combinedConns := conns.Copy() // peerNode kind is expected to be Subnet or External - peerNodeObj := v.cloudConfig.NameToResource[peerNode] + peerNodeObj := v.cloudConfig.NameToResource[peerNode.Name()] switch concPeerNode := peerNodeObj.(type) { case NodeSet: - egressConns := v.AllowedConns[concPeerNode.Name()].EgressAllowedConns[subnetNodeSet] + egressConns := v.AllowedConns[concPeerNode].EgressAllowedConns[subnetNodeSet] combinedConns = combinedConns.Intersection(egressConns) case *ExternalNetwork: // do nothing 
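Review bot: In `computeAllowedConnsCombined`, `v.AllowedConns[concPeerNode].EgressAllowedConns[subnetNodeSet]` dereferences a map lookup result without checking it, and the key is now the object returned by `NameToResource[peerNode.Name()]` rather than a name. If that object is not the one `GetSubnetsConnectivity` stored as the key (it takes its keys from `subnetCidrToSubnetElem`, whose body is not part of this patch), the outer lookup returns nil and the field access panics, while a miss on the inner map passes a nil `egressConns` to `Intersection`. Checking the lookup turns an inconsistent model into an error instead of a crash or a wrong connectivity verdict: `peerRes, ok := v.AllowedConns[concPeerNode]` followed by `if !ok { return fmt.Errorf("no connectivity result for %s", concPeerNode.Name()) }`. The function body continues past this hunk.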
@@ -222,20 +222,20 @@ func (v *VPCsubnetConnectivity) computeAllowedConnsCombined() error { return errors.New(errUnexpectedTypePeerNode) } if _, ok := v.AllowedConnsCombined[src]; !ok { - v.AllowedConnsCombined[src] = map[string]*common.ConnectionSet{} + v.AllowedConnsCombined[src] = map[EndpointElem]*common.ConnectionSet{} } v.AllowedConnsCombined[src][dst] = combinedConns } for peerNode, conns := range connsRes.EgressAllowedConns { src := subnetNodeSet dst := peerNode - if src == dst { + if src.Name() == dst.Name() { continue } combinedConns := conns // peerNode kind is expected to be Subnet or External - peerNodeObj := v.cloudConfig.NameToResource[peerNode] + peerNodeObj := v.cloudConfig.NameToResource[peerNode.Name()] switch peerNodeObj.(type) { case NodeSet: continue @@ -245,7 +245,7 @@ func (v *VPCsubnetConnectivity) computeAllowedConnsCombined() error { return errors.New(errUnexpectedTypePeerNode) } if _, ok := v.AllowedConnsCombined[src]; !ok { - v.AllowedConnsCombined[src] = map[string]*common.ConnectionSet{} + v.AllowedConnsCombined[src] = map[EndpointElem]*common.ConnectionSet{} } v.AllowedConnsCombined[src][dst] = combinedConns } @@ -262,7 +262,7 @@ func (v *VPCsubnetConnectivity) String() string { if conns.IsEmpty() { continue } - strList = append(strList, getConnectionStr(src, dst, conns.String(), "")) + strList = append(strList, getConnectionStr(src.Name(), dst.Name(), conns.String(), "")) } } sort.Strings(strList) diff --git a/pkg/vpcmodel/vpcConnectivity.go b/pkg/vpcmodel/vpcConnectivity.go index cec1e5b3a..f585b84f3 100644 --- a/pkg/vpcmodel/vpcConnectivity.go +++ b/pkg/vpcmodel/vpcConnectivity.go 
@@ -69,14 +69,14 @@ func NewIPbasedConnectivityResult() *IPbasedConnectivityResult { // ConfigBasedConnectivityResults is used to capture allowed connectivity to/from elements in the vpc config (subnets / external ip-blocks) // It is associated with a subnet when analyzing connectivity of subnets based on NACL resources type ConfigBasedConnectivityResults struct { - IngressAllowedConns map[string]*common.ConnectionSet - EgressAllowedConns map[string]*common.ConnectionSet + IngressAllowedConns map[EndpointElem]*common.ConnectionSet + EgressAllowedConns map[EndpointElem]*common.ConnectionSet } func NewConfigBasedConnectivityResults() *ConfigBasedConnectivityResults { return &ConfigBasedConnectivityResults{ - IngressAllowedConns: map[string]*common.ConnectionSet{}, - EgressAllowedConns: map[string]*common.ConnectionSet{}, + IngressAllowedConns: map[EndpointElem]*common.ConnectionSet{}, + EgressAllowedConns: map[EndpointElem]*common.ConnectionSet{}, } } From 3916e6abc1b6f164f0c17c5f629989e4c5f53f41 Mon Sep 17 00:00:00 2001 From: shirim Date: Mon, 14 Aug 2023 16:34:40 +0300 Subject: [PATCH 3/9] make lint happy --- pkg/vpcmodel/grouping.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 53219dbe4..abcfec551 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -9,7 +9,8 @@ import ( const commaSepartor = "," -type groupingConnections map[EndpointElem]map[string][]Node // for each line here can group list of external nodes to cidrs list as of one element +// for each line here can group list of external nodes to cidrs list as of one element +type groupingConnections map[EndpointElem]map[string][]Node func (g *groupingConnections) getGroupedConnLines(isSrcToDst bool) []*GroupedConnLine { res := []*GroupedConnLine{} From d6580bdd0ff56906934c98b2e77223fbb8813b22 Mon Sep 17 00:00:00 2001 
From: shirim Date: Tue, 15 Aug 2023 13:59:13 +0300 Subject: [PATCH 4/9] added grouping for analysis allSubnets --- cmd/analyzer/parse_args.go | 4 +-- pkg/vpcmodel/grouping.go | 51 +++++++++++++++++++++++++---- pkg/vpcmodel/subnetsConnectivity.go | 19 +++-------- 3 files changed, 52 insertions(+), 22 deletions(-) diff --git a/cmd/analyzer/parse_args.go b/cmd/analyzer/parse_args.go index b373050c7..a32fbb680 100644 --- a/cmd/analyzer/parse_args.go +++ b/cmd/analyzer/parse_args.go @@ -86,8 +86,8 @@ func ParseInArgs(cmdlineArgs []string) (*InArgs, error) { return nil, fmt.Errorf("currently only txt output format supported with %s analysis type", *args.AnalysisType) } - if *args.AnalysisType != allEndpoints && *args.Grouping { - return nil, fmt.Errorf("currently only allEndpoints analysis type supports grouping") + if *args.AnalysisType == singleSubnet && *args.Grouping { + return nil, fmt.Errorf("currently singleSubnet analysis type does not support grouping") } return &args, nil diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index abcfec551..c2741d3e7 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -40,9 +40,18 @@ func newGroupConnLines(c *CloudConfig, v *VPCConnectivity, grouping bool) *Group return res } +func newGroupConnLinesSubnetConnectivity(c *CloudConfig, s *VPCsubnetConnectivity) *GroupConnLines { + res := &GroupConnLines{c: c, s: s, srcToDst: newGroupingConnections(), dstToSrc: newGroupingConnections()} + res.groupExternalAddressesForSubnets() + return res +} + +// GroupConnLines used both for VPCConnectivity and for VPCsubnetConnectivity, one at a time. The other must be nil +// todo: define abstraction above both? type GroupConnLines struct { c *CloudConfig v *VPCConnectivity + s *VPCsubnetConnectivity srcToDst *groupingConnections dstToSrc *groupingConnections GroupedLines []*GroupedConnLine 
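Review bot: The grouping check in `ParseInArgs` changes from an allow-list (`!= allEndpoints`) to a deny-list (`== singleSubnet`), so any analysis type added later accepts `Grouping` by default whether or not it implements it. Naming the supported types keeps the argument validation fail-closed: `if *args.Grouping && *args.AnalysisType != allEndpoints && *args.AnalysisType != allSubnets {`, assuming the constant for the subnets analysis is called `allSubnets` as the commit subject suggests; it is not visible in this hunk. The error message would then list the types that support grouping rather than the one that does not.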
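Review bot: `GroupConnLines` now carries both `v` and `s` with a comment that exactly one of them is non-nil, but nothing enforces that, and `newGroupConnLinesSubnetConnectivity` leaves `v` nil. Any existing method that reads `g.v` (presumably `groupExternalAddresses`, whose body is outside this hunk) would panic with a nil dereference when called on a value built by the new constructor. Until the todo about a shared abstraction is resolved, I would put the restriction on the constructor itself, e.g. `// newGroupConnLinesSubnetConnectivity builds grouping from subnet connectivity only; g.v is nil, so methods that read g.v must not be called on the result`. The struct definition continues past the end of the hunk.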
@@ -88,14 +97,14 @@ func (g *groupedExternalNodes) Name() string { return prefix + g.String() } -func (g *groupingConnections) addPublicConnectivity(n EndpointElem, conn string, target Node) { - if _, ok := (*g)[n]; !ok { - (*g)[n] = map[string][]Node{} +func (g *groupingConnections) addPublicConnectivity(ep EndpointElem, conn string, targetNode Node) { + if _, ok := (*g)[ep]; !ok { + (*g)[ep] = map[string][]Node{} } - if _, ok := (*g)[n][conn]; !ok { - (*g)[n][conn] = []Node{} + if _, ok := (*g)[ep][conn]; !ok { + (*g)[ep][conn] = []Node{} } - (*g)[n][conn] = append((*g)[n][conn], target) + (*g)[ep][conn] = append((*g)[ep][conn], targetNode) } // subnetGrouping returns a slice of EndpointElem objects produced from an input slice, by grouping 
@@ -151,6 +160,36 @@ func (g *GroupConnLines) groupExternalAddresses() { g.GroupedLines = res } +func (g *GroupConnLines) groupExternalAddressesForSubnets() { + // groups public internet ranges in dst when dst is public internet + res := []*GroupedConnLine{} + for src, endpointConns := range g.s.AllowedConnsCombined { + for dst, conns := range endpointConns { + if conns.IsEmpty() { + continue + } + connString := conns.EnhancedString() + hasExternal := false + switch dst.(type) { + case Node: + if dst.(Node).IsPublicInternet() { + hasExternal = true + g.srcToDst.addPublicConnectivity(src, connString, dst.(Node)) + } + } + // since pgw enable only egress src can not be public internet + // not an external connection in source or destination - nothing to group, just append + if !hasExternal { + res = append(res, &GroupedConnLine{src, dst, connString}) + } + } + } + // add to res lines from srcToDst and DstToSrc groupings + res = append(res, g.srcToDst.getGroupedConnLines(true)...) + res = append(res, g.dstToSrc.getGroupedConnLines(false)...) + g.GroupedLines = res +} + // assuming the g.groupedLines was already initialized by previous step groupExternalAddresses() func (g *GroupConnLines) groupSubnetsSrcOrDst(srcGrouping bool) { res := []*GroupedConnLine{} diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index acb6772c4..6bef56410 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -3,9 +3,6 @@ package vpcmodel import ( "errors" "fmt" - "sort" - "strings" - "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) @@ -16,6 +13,8 @@ type VPCsubnetConnectivity struct { // combined connectivity - considering both ingress and egress per connection AllowedConnsCombined map[EndpointElem]map[EndpointElem]*common.ConnectionSet cloudConfig *CloudConfig + // grouped connectivity result + GroupedConnectivity *GroupConnLines } const ( 
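Review bot: In `groupExternalAddressesForSubnets`, the `switch dst.(type)` with a single `case Node:` repeats the assertion `dst.(Node)` twice inside the case; a checked assertion says the same in one line, `if n, ok := dst.(Node); ok && n.IsPublicInternet() {`, followed by `g.srcToDst.addPublicConnectivity(src, connString, n)`. `g.dstToSrc` is never filled in this function, so the `getGroupedConnLines(false)` append is always empty here; the comment about pgw allowing only egress explains why, but that is an assumption about the input rather than something the code checks, so an external `src` would be emitted ungrouped without notice. The function also has no doc comment; `// groupExternalAddressesForSubnets fills g.GroupedLines from g.s.AllowedConnsCombined, collecting public-internet destinations per source and connection string` would match what the hunk shows.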
@@ -196,6 +195,8 @@ func (c *CloudConfig) GetSubnetsConnectivity(includePGW bool) (*VPCsubnetConnect return nil, err } + res.GroupedConnectivity = newGroupConnLinesSubnetConnectivity(c, res) + return res, nil } @@ -256,17 +257,7 @@ func (v *VPCsubnetConnectivity) computeAllowedConnsCombined() error { func (v *VPCsubnetConnectivity) String() string { res := "combined connections between subnets:\n" - strList := []string{} - for src, nodeConns := range v.AllowedConnsCombined { - for dst, conns := range nodeConns { - if conns.IsEmpty() { - continue - } - strList = append(strList, getConnectionStr(src.Name(), dst.Name(), conns.String(), "")) - } - } - sort.Strings(strList) - res += strings.Join(strList, "") + res += v.GroupedConnectivity.String() return res } From 0db151ca32708b545aead056493ded81e74ff152 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 15 Aug 2023 14:28:45 +0300 Subject: [PATCH 5/9] update tests --- .../acl_testing5_oldsubnetsBased_withPGW.txt | 6 +- .../acl_testing5subnetsBased_withPGW.txt | 6 +- ...emo_with_instancessubnetsBased_withPGW.txt | 410 +----------------- .../sg_testing1_newsubnetsBased_withPGW.txt | 163 +------ 4 files changed, 16 insertions(+), 569 deletions(-) diff --git a/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt b/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt index 6a415f668..19345a599 100644 --- a/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt 
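Review bot: `String()` now returns whatever `v.GroupedConnectivity.String()` prints, and the expected outputs updated in this series gain the footer `connections are stateful unless marked with *`, which the subnet report did not print before. The type comment says this connectivity is derived from nacl and pgw resources, and nothing in this patch evaluates statefulness for `AllowedConnsCombined`, so the footer may tell a reader that these connections are stateful when that was never computed; please confirm, or suppress the footer on the subnet path. `GroupedConnectivity` is also an exported field that is dereferenced without a nil check, so a `VPCsubnetConnectivity` not produced by `GetSubnetsConnectivity` panics here, which `if v.GroupedConnectivity == nil { return res }` would cover. The removed `sort.Strings` call made the output order deterministic, and whether that still holds now depends on `GroupConnLines.String`, which is not shown in this patch.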
@@ -1,11 +1,13 @@ combined connections between subnets: -sub1-1-ky => Public Internet [8.8.8.8/32] : protocol: UDP dst-ports: 53 +sub1-1-ky => Public Internet 8.8.8.8/32 : protocol: UDP dst-ports: 53 sub1-1-ky => sub1-2-ky : protocol: TCP sub1-1-ky => sub1-3-ky : protocol: TCP sub1-2-ky => sub1-1-ky : protocol: TCP sub1-2-ky => sub1-3-ky : protocol: TCP sub1-3-ky => sub1-1-ky : protocol: TCP sub1-3-ky => sub1-2-ky : protocol: TCP -sub2-1-ky => Public Internet [8.8.8.8/32] : protocol: UDP dst-ports: 53 +sub2-1-ky => Public Internet 8.8.8.8/32 : protocol: UDP dst-ports: 53 sub2-1-ky => sub2-2-ky : All Connections sub2-2-ky => sub2-1-ky : All Connections + +connections are stateful unless marked with * diff --git a/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt b/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt index 82e242051..90458b183 100644 --- a/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt @@ -1,5 +1,5 @@ combined connections between subnets: -sub1-1-ky => Public Internet [8.8.8.8/32] : protocol: UDP dst-ports: 53 +sub1-1-ky => Public Internet 8.8.8.8/32 : protocol: UDP dst-ports: 53 sub1-1-ky => sub1-2-ky : protocol: TCP sub1-1-ky => sub1-3-ky : protocol: TCP sub1-1-ky => sub3-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0 
@@ -7,9 +7,11 @@ sub1-2-ky => sub1-1-ky : protocol: TCP sub1-2-ky => sub1-3-ky : protocol: TCP sub1-3-ky => sub1-1-ky : protocol: TCP sub1-3-ky => sub1-2-ky : protocol: TCP -sub2-1-ky => Public Internet [8.8.8.8/32] : protocol: UDP dst-ports: 53 +sub2-1-ky => Public Internet 8.8.8.8/32 : protocol: UDP dst-ports: 53 sub2-1-ky => sub2-2-ky : All Connections sub2-1-ky => sub3-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0; protocol: TCP src-ports: 443 sub2-2-ky => sub2-1-ky : All Connections sub3-1-ky => sub1-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0 sub3-1-ky => sub2-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0; protocol: TCP dst-ports: 443 + +connections are stateful unless marked with * diff --git a/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt b/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt index cce4426a8..4945c5076 100644 --- a/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt 
@@ -1,139 +1,5 @@ combined connections between subnets: -ky-testenv-edge-subnet-1 => Public Internet [1.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [100.0.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [100.128.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [101.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [102.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [104.0.0.0/5] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [11.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [112.0.0.0/5] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [12.0.0.0/6] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [120.0.0.0/6] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [124.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [126.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [128.0.0.0/3] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [16.0.0.0/4] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [160.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.0.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.128.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.16.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.24.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.26.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.27.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.28.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.32.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [161.64.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [162.0.0.0/7] : All Connections 
-ky-testenv-edge-subnet-1 => Public Internet [164.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.0.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.12.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.128.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.16.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.32.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.64.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [166.8.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [167.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [168.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.0.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.128.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.192.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.224.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.240.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.248.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.252.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [169.255.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [170.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [172.0.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [172.128.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [172.32.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [172.64.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [173.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [174.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => 
Public Internet [176.0.0.0/4] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.1.0/24] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.128.0/17] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.16.0/20] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.3.0/24] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.32.0/19] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.4.0/22] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.64.0/18] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.0.8.0/21] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.1.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.128.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.16.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.160.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.169.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.170.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.172.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.176.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.192.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.2.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.32.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.4.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.64.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.8.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.80.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.0.0/18] : All Connections -ky-testenv-edge-subnet-1 => Public Internet 
[192.88.100.0/22] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.104.0/21] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.112.0/20] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.128.0/17] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.64.0/19] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.96.0/23] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.88.98.0/24] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.89.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.90.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.92.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [192.96.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [193.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [194.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [196.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.0.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.128.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.16.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.20.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.24.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.32.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.48.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.50.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.0.0/18] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.101.0/24] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.102.0/23] : All Connections -ky-testenv-edge-subnet-1 => Public Internet 
[198.51.104.0/21] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.112.0/20] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.128.0/17] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.64.0/19] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.51.96.0/22] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.52.0.0/14] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.56.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [198.64.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [199.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [2.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [200.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [202.0.0.0/8] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.0.0/18] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.112.0/24] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.114.0/23] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.116.0/22] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.120.0/21] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.128.0/17] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.64.0/19] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.0.96.0/20] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.1.0.0/16] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.128.0.0/9] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.16.0.0/12] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.2.0.0/15] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.32.0.0/11] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.4.0.0/14] : All 
Connections -ky-testenv-edge-subnet-1 => Public Internet [203.64.0.0/10] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [203.8.0.0/13] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [204.0.0.0/6] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [208.0.0.0/4] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [32.0.0.0/3] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [4.0.0.0/6] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [64.0.0.0/3] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [8.0.0.0/7] : All Connections -ky-testenv-edge-subnet-1 => Public Internet [96.0.0.0/6] : All Connections +ky-testenv-edge-subnet-1 => Public Internet (all ranges) : All Connections ky-testenv-edge-subnet-1 => ky-testenv-edge-subnet-2 : All Connections ky-testenv-edge-subnet-1 => ky-testenv-edge-subnet-3 : All Connections ky-testenv-edge-subnet-1 => ky-testenv-private-subnet-1 : protocol: TCP src-ports: 443 
@@ -142,141 +8,7 @@ ky-testenv-edge-subnet-1 => ky-testenv-private-subnet-3 : protocol: TCP src-port ky-testenv-edge-subnet-1 => ky-testenv-transit-subnet-1 : All Connections ky-testenv-edge-subnet-1 => ky-testenv-transit-subnet-2 : All Connections ky-testenv-edge-subnet-1 => ky-testenv-transit-subnet-3 : All Connections -ky-testenv-edge-subnet-2 => Public Internet [1.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [100.0.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [100.128.0.0/9] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [101.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [102.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [104.0.0.0/5] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [11.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [112.0.0.0/5] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [12.0.0.0/6] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [120.0.0.0/6] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [124.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [126.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [128.0.0.0/3] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [16.0.0.0/4] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [160.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.0.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.128.0.0/9] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.16.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.24.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.26.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.27.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet 
[161.28.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.32.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [161.64.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [162.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [164.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.0.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.12.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.128.0.0/9] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.16.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.32.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.64.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [166.8.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [167.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [168.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.0.0.0/9] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.128.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.192.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.224.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.240.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.248.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.252.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [169.255.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [170.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [172.0.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [172.128.0.0/9] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [172.32.0.0/11] : All 
Connections -ky-testenv-edge-subnet-2 => Public Internet [172.64.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [173.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [174.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [176.0.0.0/4] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.1.0/24] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.128.0/17] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.16.0/20] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.3.0/24] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.32.0/19] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.4.0/22] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.64.0/18] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.0.8.0/21] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.1.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.128.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.16.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.160.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.169.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.170.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.172.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.176.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.192.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.2.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.32.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.4.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.64.0.0/12] : All Connections 
-ky-testenv-edge-subnet-2 => Public Internet [192.8.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.80.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.0.0/18] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.100.0/22] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.104.0/21] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.112.0/20] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.128.0/17] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.64.0/19] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.96.0/23] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.88.98.0/24] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.89.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.90.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.92.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [192.96.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [193.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [194.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [196.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.0.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.128.0.0/9] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.16.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.20.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.24.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.32.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.48.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.50.0.0/16] : All Connections 
-ky-testenv-edge-subnet-2 => Public Internet [198.51.0.0/18] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.101.0/24] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.102.0/23] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.104.0/21] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.112.0/20] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.128.0/17] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.64.0/19] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.51.96.0/22] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.52.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.56.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [198.64.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [199.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [2.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [200.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [202.0.0.0/8] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.0.0/18] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.112.0/24] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.114.0/23] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.116.0/22] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.120.0/21] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.128.0/17] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.64.0/19] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.0.96.0/20] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.1.0.0/16] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.128.0.0/9] : All Connections 
-ky-testenv-edge-subnet-2 => Public Internet [203.16.0.0/12] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.2.0.0/15] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.32.0.0/11] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.4.0.0/14] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.64.0.0/10] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [203.8.0.0/13] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [204.0.0.0/6] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [208.0.0.0/4] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [32.0.0.0/3] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [4.0.0.0/6] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [64.0.0.0/3] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [8.0.0.0/7] : All Connections -ky-testenv-edge-subnet-2 => Public Internet [96.0.0.0/6] : All Connections +ky-testenv-edge-subnet-2 => Public Internet (all ranges) : All Connections ky-testenv-edge-subnet-2 => ky-testenv-edge-subnet-1 : All Connections ky-testenv-edge-subnet-2 => ky-testenv-edge-subnet-3 : All Connections ky-testenv-edge-subnet-2 => ky-testenv-private-subnet-1 : protocol: TCP src-ports: 443 
@@ -285,141 +17,7 @@ ky-testenv-edge-subnet-2 => ky-testenv-private-subnet-3 : protocol: TCP src-port ky-testenv-edge-subnet-2 => ky-testenv-transit-subnet-1 : All Connections ky-testenv-edge-subnet-2 => ky-testenv-transit-subnet-2 : All Connections ky-testenv-edge-subnet-2 => ky-testenv-transit-subnet-3 : All Connections -ky-testenv-edge-subnet-3 => Public Internet [1.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [100.0.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [100.128.0.0/9] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [101.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [102.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [104.0.0.0/5] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [11.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [112.0.0.0/5] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [12.0.0.0/6] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [120.0.0.0/6] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [124.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [126.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [128.0.0.0/3] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [16.0.0.0/4] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [160.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.0.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.128.0.0/9] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.16.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.24.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.26.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.27.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet 
[161.28.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.32.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [161.64.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [162.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [164.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.0.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.12.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.128.0.0/9] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.16.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.32.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.64.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [166.8.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [167.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [168.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.0.0.0/9] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.128.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.192.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.224.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.240.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.248.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.252.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [169.255.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [170.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [172.0.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [172.128.0.0/9] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [172.32.0.0/11] : All 
Connections -ky-testenv-edge-subnet-3 => Public Internet [172.64.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [173.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [174.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [176.0.0.0/4] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.1.0/24] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.128.0/17] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.16.0/20] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.3.0/24] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.32.0/19] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.4.0/22] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.64.0/18] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.0.8.0/21] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.1.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.128.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.16.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.160.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.169.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.170.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.172.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.176.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.192.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.2.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.32.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.4.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.64.0.0/12] : All Connections 
-ky-testenv-edge-subnet-3 => Public Internet [192.8.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.80.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.0.0/18] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.100.0/22] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.104.0/21] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.112.0/20] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.128.0/17] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.64.0/19] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.96.0/23] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.88.98.0/24] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.89.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.90.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.92.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [192.96.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [193.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [194.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [196.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.0.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.128.0.0/9] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.16.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.20.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.24.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.32.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.48.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.50.0.0/16] : All Connections 
-ky-testenv-edge-subnet-3 => Public Internet [198.51.0.0/18] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.101.0/24] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.102.0/23] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.104.0/21] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.112.0/20] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.128.0/17] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.64.0/19] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.51.96.0/22] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.52.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.56.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [198.64.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [199.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [2.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [200.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [202.0.0.0/8] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.0.0/18] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.112.0/24] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.114.0/23] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.116.0/22] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.120.0/21] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.128.0/17] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.64.0/19] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.0.96.0/20] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.1.0.0/16] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.128.0.0/9] : All Connections 
-ky-testenv-edge-subnet-3 => Public Internet [203.16.0.0/12] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.2.0.0/15] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.32.0.0/11] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.4.0.0/14] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.64.0.0/10] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [203.8.0.0/13] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [204.0.0.0/6] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [208.0.0.0/4] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [32.0.0.0/3] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [4.0.0.0/6] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [64.0.0.0/3] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [8.0.0.0/7] : All Connections -ky-testenv-edge-subnet-3 => Public Internet [96.0.0.0/6] : All Connections +ky-testenv-edge-subnet-3 => Public Internet (all ranges) : All Connections ky-testenv-edge-subnet-3 => ky-testenv-edge-subnet-1 : All Connections ky-testenv-edge-subnet-3 => ky-testenv-edge-subnet-2 : All Connections ky-testenv-edge-subnet-3 => ky-testenv-private-subnet-1 : protocol: TCP src-ports: 443 @@ -476,3 +74,5 @@ ky-testenv-transit-subnet-3 => ky-testenv-private-subnet-2 : protocol: TCP src-p ky-testenv-transit-subnet-3 => ky-testenv-private-subnet-3 : protocol: TCP src-ports: 443 ky-testenv-transit-subnet-3 => ky-testenv-transit-subnet-1 : All Connections ky-testenv-transit-subnet-3 => ky-testenv-transit-subnet-2 : All Connections + +connections are stateful unless marked with * diff --git a/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt b/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt index a0de1bee1..7e3461e99 100644 --- a/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt 
+++ b/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt 
@@ -1,167 +1,10 @@ combined connections between subnets: -subnet1-ky => Public Internet [1.0.0.0/8] : All Connections -subnet1-ky => Public Internet [100.0.0.0/10] : All Connections -subnet1-ky => Public Internet [100.128.0.0/9] : All Connections -subnet1-ky => Public Internet [101.0.0.0/8] : All Connections -subnet1-ky => Public Internet [102.0.0.0/7] : All Connections -subnet1-ky => Public Internet [104.0.0.0/5] : All Connections -subnet1-ky => Public Internet [11.0.0.0/8] : All Connections -subnet1-ky => Public Internet [112.0.0.0/5] : All Connections -subnet1-ky => Public Internet [12.0.0.0/6] : All Connections -subnet1-ky => Public Internet [120.0.0.0/6] : All Connections -subnet1-ky => Public Internet [124.0.0.0/7] : All Connections -subnet1-ky => Public Internet [126.0.0.0/8] : All Connections -subnet1-ky => Public Internet [128.0.0.0/5] : All Connections -subnet1-ky => Public Internet [136.0.0.0/6] : All Connections -subnet1-ky => Public Internet [140.0.0.0/7] : All Connections -subnet1-ky => Public Internet [142.0.0.0/8] : All Connections -subnet1-ky => Public Internet [143.0.0.0/8] : All Connections -subnet1-ky => Public Internet [144.0.0.0/7] : All Connections -subnet1-ky => Public Internet [146.0.0.0/8] : All Connections -subnet1-ky => Public Internet [147.0.0.0/9] : All Connections -subnet1-ky => Public Internet [147.128.0.0/10] : All Connections -subnet1-ky => Public Internet [147.192.0.0/11] : All Connections -subnet1-ky => Public Internet [147.224.0.0/13] : All Connections -subnet1-ky => Public Internet [147.232.0.0/15] : All Connections -subnet1-ky => Public Internet [147.234.0.0/16] : All Connections -subnet1-ky => Public Internet [147.235.0.0/17] : All Connections -subnet1-ky => Public Internet [147.235.128.0/18] : All Connections -subnet1-ky => Public Internet [147.235.192.0/20] : All Connections -subnet1-ky => Public Internet [147.235.208.0/21] : All Connections -subnet1-ky => Public Internet [147.235.216.0/23] : All Connections -subnet1-ky => 
Public Internet [147.235.218.0/24] : All Connections -subnet1-ky => Public Internet [147.235.219.0/25] : All Connections -subnet1-ky => Public Internet [147.235.219.128/26] : All Connections -subnet1-ky => Public Internet [147.235.219.192/29] : All Connections -subnet1-ky => Public Internet [147.235.219.200/30] : All Connections -subnet1-ky => Public Internet [147.235.219.204/31] : All Connections -subnet1-ky => Public Internet [147.235.219.206/32] : All Connections -subnet1-ky => Public Internet [147.235.219.207/32] : All Connections -subnet1-ky => Public Internet [147.235.219.208/28] : All Connections -subnet1-ky => Public Internet [147.235.219.224/27] : All Connections -subnet1-ky => Public Internet [147.235.220.0/22] : All Connections -subnet1-ky => Public Internet [147.235.224.0/19] : All Connections -subnet1-ky => Public Internet [147.236.0.0/14] : All Connections -subnet1-ky => Public Internet [147.240.0.0/12] : All Connections -subnet1-ky => Public Internet [148.0.0.0/6] : All Connections -subnet1-ky => Public Internet [152.0.0.0/5] : All Connections -subnet1-ky => Public Internet [16.0.0.0/4] : All Connections -subnet1-ky => Public Internet [160.0.0.0/8] : All Connections -subnet1-ky => Public Internet [161.0.0.0/12] : All Connections -subnet1-ky => Public Internet [161.128.0.0/9] : All Connections -subnet1-ky => Public Internet [161.16.0.0/13] : All Connections -subnet1-ky => Public Internet [161.24.0.0/15] : All Connections -subnet1-ky => Public Internet [161.26.0.0/16] : All Connections -subnet1-ky => Public Internet [161.27.0.0/16] : All Connections -subnet1-ky => Public Internet [161.28.0.0/14] : All Connections -subnet1-ky => Public Internet [161.32.0.0/11] : All Connections -subnet1-ky => Public Internet [161.64.0.0/10] : All Connections -subnet1-ky => Public Internet [162.0.0.0/7] : All Connections -subnet1-ky => Public Internet [164.0.0.0/6] : All Connections -subnet1-ky => Public Internet [168.0.0.0/8] : All Connections -subnet1-ky => Public 
Internet [169.0.0.0/9] : All Connections -subnet1-ky => Public Internet [169.128.0.0/10] : All Connections -subnet1-ky => Public Internet [169.192.0.0/11] : All Connections -subnet1-ky => Public Internet [169.224.0.0/12] : All Connections -subnet1-ky => Public Internet [169.240.0.0/13] : All Connections -subnet1-ky => Public Internet [169.248.0.0/14] : All Connections -subnet1-ky => Public Internet [169.252.0.0/15] : All Connections -subnet1-ky => Public Internet [169.255.0.0/16] : All Connections -subnet1-ky => Public Internet [170.0.0.0/7] : All Connections -subnet1-ky => Public Internet [172.0.0.0/12] : All Connections -subnet1-ky => Public Internet [172.128.0.0/9] : All Connections -subnet1-ky => Public Internet [172.32.0.0/11] : All Connections -subnet1-ky => Public Internet [172.64.0.0/10] : All Connections -subnet1-ky => Public Internet [173.0.0.0/8] : All Connections -subnet1-ky => Public Internet [174.0.0.0/7] : All Connections -subnet1-ky => Public Internet [176.0.0.0/4] : All Connections -subnet1-ky => Public Internet [192.0.1.0/24] : All Connections -subnet1-ky => Public Internet [192.0.128.0/17] : All Connections -subnet1-ky => Public Internet [192.0.16.0/20] : All Connections -subnet1-ky => Public Internet [192.0.3.0/24] : All Connections -subnet1-ky => Public Internet [192.0.32.0/19] : All Connections -subnet1-ky => Public Internet [192.0.4.0/22] : All Connections -subnet1-ky => Public Internet [192.0.64.0/18] : All Connections -subnet1-ky => Public Internet [192.0.8.0/21] : All Connections -subnet1-ky => Public Internet [192.1.0.0/16] : All Connections -subnet1-ky => Public Internet [192.128.0.0/11] : All Connections -subnet1-ky => Public Internet [192.16.0.0/12] : All Connections -subnet1-ky => Public Internet [192.160.0.0/13] : All Connections -subnet1-ky => Public Internet [192.169.0.0/16] : All Connections -subnet1-ky => Public Internet [192.170.0.0/15] : All Connections -subnet1-ky => Public Internet [192.172.0.0/14] : All Connections 
-subnet1-ky => Public Internet [192.176.0.0/12] : All Connections -subnet1-ky => Public Internet [192.192.0.0/10] : All Connections -subnet1-ky => Public Internet [192.2.0.0/15] : All Connections -subnet1-ky => Public Internet [192.32.0.0/11] : All Connections -subnet1-ky => Public Internet [192.4.0.0/14] : All Connections -subnet1-ky => Public Internet [192.64.0.0/12] : All Connections -subnet1-ky => Public Internet [192.8.0.0/13] : All Connections -subnet1-ky => Public Internet [192.80.0.0/13] : All Connections -subnet1-ky => Public Internet [192.88.0.0/18] : All Connections -subnet1-ky => Public Internet [192.88.100.0/22] : All Connections -subnet1-ky => Public Internet [192.88.104.0/21] : All Connections -subnet1-ky => Public Internet [192.88.112.0/20] : All Connections -subnet1-ky => Public Internet [192.88.128.0/17] : All Connections -subnet1-ky => Public Internet [192.88.64.0/19] : All Connections -subnet1-ky => Public Internet [192.88.96.0/23] : All Connections -subnet1-ky => Public Internet [192.88.98.0/24] : All Connections -subnet1-ky => Public Internet [192.89.0.0/16] : All Connections -subnet1-ky => Public Internet [192.90.0.0/15] : All Connections -subnet1-ky => Public Internet [192.92.0.0/14] : All Connections -subnet1-ky => Public Internet [192.96.0.0/11] : All Connections -subnet1-ky => Public Internet [193.0.0.0/8] : All Connections -subnet1-ky => Public Internet [194.0.0.0/7] : All Connections -subnet1-ky => Public Internet [196.0.0.0/7] : All Connections -subnet1-ky => Public Internet [198.0.0.0/12] : All Connections -subnet1-ky => Public Internet [198.128.0.0/9] : All Connections -subnet1-ky => Public Internet [198.16.0.0/15] : All Connections -subnet1-ky => Public Internet [198.20.0.0/14] : All Connections -subnet1-ky => Public Internet [198.24.0.0/13] : All Connections -subnet1-ky => Public Internet [198.32.0.0/12] : All Connections -subnet1-ky => Public Internet [198.48.0.0/15] : All Connections -subnet1-ky => Public Internet [198.50.0.0/16] 
: All Connections -subnet1-ky => Public Internet [198.51.0.0/18] : All Connections -subnet1-ky => Public Internet [198.51.101.0/24] : All Connections -subnet1-ky => Public Internet [198.51.102.0/23] : All Connections -subnet1-ky => Public Internet [198.51.104.0/21] : All Connections -subnet1-ky => Public Internet [198.51.112.0/20] : All Connections -subnet1-ky => Public Internet [198.51.128.0/17] : All Connections -subnet1-ky => Public Internet [198.51.64.0/19] : All Connections -subnet1-ky => Public Internet [198.51.96.0/22] : All Connections -subnet1-ky => Public Internet [198.52.0.0/14] : All Connections -subnet1-ky => Public Internet [198.56.0.0/13] : All Connections -subnet1-ky => Public Internet [198.64.0.0/10] : All Connections -subnet1-ky => Public Internet [199.0.0.0/8] : All Connections -subnet1-ky => Public Internet [2.0.0.0/7] : All Connections -subnet1-ky => Public Internet [200.0.0.0/7] : All Connections -subnet1-ky => Public Internet [202.0.0.0/8] : All Connections -subnet1-ky => Public Internet [203.0.0.0/18] : All Connections -subnet1-ky => Public Internet [203.0.112.0/24] : All Connections -subnet1-ky => Public Internet [203.0.114.0/23] : All Connections -subnet1-ky => Public Internet [203.0.116.0/22] : All Connections -subnet1-ky => Public Internet [203.0.120.0/21] : All Connections -subnet1-ky => Public Internet [203.0.128.0/17] : All Connections -subnet1-ky => Public Internet [203.0.64.0/19] : All Connections -subnet1-ky => Public Internet [203.0.96.0/20] : All Connections -subnet1-ky => Public Internet [203.1.0.0/16] : All Connections -subnet1-ky => Public Internet [203.128.0.0/9] : All Connections -subnet1-ky => Public Internet [203.16.0.0/12] : All Connections -subnet1-ky => Public Internet [203.2.0.0/15] : All Connections -subnet1-ky => Public Internet [203.32.0.0/11] : All Connections -subnet1-ky => Public Internet [203.4.0.0/14] : All Connections -subnet1-ky => Public Internet [203.64.0.0/10] : All Connections -subnet1-ky => Public 
Internet [203.8.0.0/13] : All Connections -subnet1-ky => Public Internet [204.0.0.0/6] : All Connections -subnet1-ky => Public Internet [208.0.0.0/4] : All Connections -subnet1-ky => Public Internet [32.0.0.0/3] : All Connections -subnet1-ky => Public Internet [4.0.0.0/6] : All Connections -subnet1-ky => Public Internet [64.0.0.0/3] : All Connections -subnet1-ky => Public Internet [8.0.0.0/7] : All Connections -subnet1-ky => Public Internet [96.0.0.0/6] : All Connections +subnet1-ky => Public Internet (all ranges) : All Connections subnet1-ky => subnet2-ky : All Connections subnet1-ky => subnet3-ky : All Connections subnet2-ky => subnet1-ky : All Connections subnet2-ky => subnet3-ky : All Connections subnet3-ky => subnet1-ky : All Connections subnet3-ky => subnet2-ky : All Connections + +connections are stateful unless marked with * From 5ad89a8e70db6db788dc63c98a49aa7f726ca0ae Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 15 Aug 2023 14:40:47 +0300 Subject: [PATCH 6/9] make lint happy --- pkg/vpcmodel/grouping.go | 16 +++++----------- pkg/vpcmodel/subnetsConnectivity.go | 3 ++- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index c2741d3e7..759a522aa 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -169,17 +169,11 @@ func (g *GroupConnLines) groupExternalAddressesForSubnets() { continue } connString := conns.EnhancedString() - hasExternal := false - switch dst.(type) { - case Node: - if dst.(Node).IsPublicInternet() { - hasExternal = true - g.srcToDst.addPublicConnectivity(src, connString, dst.(Node)) - } - } - // since pgw enable only egress src can not be public internet - // not an external connection in source or destination - nothing to group, just append - if !hasExternal { + if dstNode, ok := dst.(Node); ok && dstNode.IsPublicInternet() { + g.srcToDst.addPublicConnectivity(src, connString, dstNode) + } else { + // since pgw enable only egress src can not be public internet + // not an external connection in source or destination - nothing to group, just append res = append(res, &GroupedConnLine{src, dst, connString}) } } diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 6bef56410..7667ac04d 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -1,9 +1,10 @@ package vpcmodel import ( + "github.com/np-guard/vpc-network-config-analyzer/pkg/common" + "errors" "fmt" - "github.com/np-guard/vpc-network-config-analyzer/pkg/common" ) // VPCsubnetConnectivity captures allowed connectivity for subnets, considering nacl and pgw resources From 9fe9fd70f0dbe7bd3f5b17e20798cc79f391cfa6 Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 15 Aug 2023 17:11:52 +0300 Subject: [PATCH 7/9] CR comment: statefullness not computed yet --- .../acl_testing5_oldsubnetsBased_withPGW.txt | 4 +--- .../examples/acl_testing5subnetsBased_withPGW.txt | 4 +--- .../demo_with_instancessubnetsBased_withPGW.txt | 4 +--- .../examples/sg_testing1_newsubnetsBased_withPGW.txt | 4 +--- pkg/vpcmodel/grouping.go | 12 ++++++++++++ pkg/vpcmodel/subnetsConnectivity.go | 3 ++- 6 files changed, 18 insertions(+), 13 deletions(-) 
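Review bot: In the new `else` branch, the retained comment `since pgw enable only egress src can not be public internet` explains why only `dst` is tested in the `if`, yet it sits above the plain append, where it reads as a description of the else body. Nothing in the visible lines enforces that assumption: a `src` that is public internet would silently take the ungrouped append path and be reported as an ordinary endpoint. I would move the sentence above the condition as `// pgw enables only egress, so src is never public internet; only dst needs the IsPublicInternet check`, and consider a guard on `src` if ingress from public internet is ever modelled for subnets. The later hunk `@@ -171,8 +171,7 @@` in the same file (PATCH 9/9) rewords this comment but keeps it on the `else` line, so the same applies there. The enclosing loop and function begin and end outside this hunk.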
diff --git a/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt b/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt index 19345a599..d6f2f9a5e 100644 --- a/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/acl_testing5_oldsubnetsBased_withPGW.txt @@ -8,6 +8,4 @@ sub1-3-ky => sub1-1-ky : protocol: TCP sub1-3-ky => sub1-2-ky : protocol: TCP sub2-1-ky => Public Internet 8.8.8.8/32 : protocol: UDP dst-ports: 53 sub2-1-ky => sub2-2-ky : All Connections -sub2-2-ky => sub2-1-ky : All Connections - -connections are stateful unless marked with * +sub2-2-ky => sub2-1-ky : All Connections \ No newline at end of file diff --git a/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt b/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt index 90458b183..e25f47db2 100644 --- a/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/acl_testing5subnetsBased_withPGW.txt @@ -12,6 +12,4 @@ sub2-1-ky => sub2-2-ky : All Connections sub2-1-ky => sub3-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0; protocol: TCP src-ports: 443 sub2-2-ky => sub2-1-ky : All Connections sub3-1-ky => sub1-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0 -sub3-1-ky => sub2-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0; protocol: TCP dst-ports: 443 - -connections are stateful unless marked with * +sub3-1-ky => sub2-1-ky : protocol: ICMP icmp-type: 0 icmp-code: 0; protocol: TCP dst-ports: 443 \ No newline at end of file diff --git a/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt b/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt index 4945c5076..756aef988 100644 --- a/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/demo_with_instancessubnetsBased_withPGW.txt 
@@ -73,6 +73,4 @@ ky-testenv-transit-subnet-3 => ky-testenv-private-subnet-1 : protocol: TCP src-p ky-testenv-transit-subnet-3 => ky-testenv-private-subnet-2 : protocol: TCP src-ports: 443 ky-testenv-transit-subnet-3 => ky-testenv-private-subnet-3 : protocol: TCP src-ports: 443 ky-testenv-transit-subnet-3 => ky-testenv-transit-subnet-1 : All Connections -ky-testenv-transit-subnet-3 => ky-testenv-transit-subnet-2 : All Connections - -connections are stateful unless marked with * +ky-testenv-transit-subnet-3 => ky-testenv-transit-subnet-2 : All Connections \ No newline at end of file diff --git a/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt b/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt index 7e3461e99..65bfefb16 100644 --- a/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt +++ b/pkg/ibmvpc/examples/sg_testing1_newsubnetsBased_withPGW.txt @@ -5,6 +5,4 @@ subnet1-ky => subnet3-ky : All Connections subnet2-ky => subnet1-ky : All Connections subnet2-ky => subnet3-ky : All Connections subnet3-ky => subnet1-ky : All Connections -subnet3-ky => subnet2-ky : All Connections - -connections are stateful unless marked with * +subnet3-ky => subnet2-ky : All Connections \ No newline at end of file diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index 759a522aa..f771c560c 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go 
@@ -243,6 +243,18 @@ func (g *GroupConnLines) String() string { return strings.Join(linesStr, "\n") + asteriskDetails } +// StringTmpWA ToDo: tmp WA until https://github.com/np-guard/vpc-network-config-analyzer/issues/138. +// +// Once the issue is solved this code can be deleted +func (g *GroupConnLines) StringTmpWA() string { + linesStr := make([]string, len(g.GroupedLines)) + for i, line := range g.GroupedLines { + linesStr[i] = line.String() + } + sort.Strings(linesStr) + return strings.Join(linesStr, "\n") +} + func listNodesStr(nodes []Node, fn func(Node) string) string { nodesStrings := make([]string, len(nodes)) for i, n := range nodes { diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 7667ac04d..427f27273 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go @@ -258,7 +258,8 @@ func (v *VPCsubnetConnectivity) computeAllowedConnsCombined() error { func (v *VPCsubnetConnectivity) String() string { res := "combined connections between subnets:\n" - res += v.GroupedConnectivity.String() + //res += v.GroupedConnectivity.String() ToDo: uncomment once https://github.com/np-guard/vpc-network-config-analyzer/issues/138 is solved + res += v.GroupedConnectivity.StringTmpWA() return res } From 7766b0bed1f239fd4a4c40fa9aa58b15ca99b3ca Mon Sep 17 00:00:00 2001 From: shirim Date: Tue, 15 Aug 2023 17:13:26 +0300 Subject: [PATCH 8/9] lint is a real Nazi --- pkg/vpcmodel/subnetsConnectivity.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vpcmodel/subnetsConnectivity.go b/pkg/vpcmodel/subnetsConnectivity.go index 427f27273..89541a6c7 100644 --- a/pkg/vpcmodel/subnetsConnectivity.go +++ b/pkg/vpcmodel/subnetsConnectivity.go 
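Review bot: `StringTmpWA` is exported although the only caller shown in this patch, `VPCsubnetConnectivity.String()` in pkg/vpcmodel/subnetsConnectivity.go, is in the same directory and presumably the same package, so a workaround meant to be deleted becomes part of the package's public surface. Its doc comment gives the issue link but not what the method returns; I would rename it to `stringTmpWA` and document it as `// stringTmpWA returns the sorted grouped lines without the statefulness legend; delete once issue 138 is resolved.` The body also appears to repeat what `String()` does before appending `asteriskDetails` (only the last line of `String()` is inside the hunk), so a shared unexported helper that builds the sorted lines would keep the two from drifting.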
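Review bot: After the switch to `StringTmpWA()`, the subnet report printed by `String()` says nothing about statefulness, so a reader who knows the legend from `GroupConnLines.String()` may take an unmarked line to mean the connection was checked and found stateful. Since the commit subject says statefulness is not computed yet, the output should say so, for example `res += "\nstatefulness is not computed for subnet connectivity"` after the grouped lines, with the expected files under pkg/ibmvpc/examples updated to match. The commented-out call `//res += v.GroupedConnectivity.String()` is better dropped in favour of a plain `// TODO(issue 138): restore GroupedConnectivity.String()`, since dead code tends to outlive the ToDo.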
@@ -258,7 +258,7 @@ func (v *VPCsubnetConnectivity) computeAllowedConnsCombined() error { func (v *VPCsubnetConnectivity) String() string { res := "combined connections between subnets:\n" - //res += v.GroupedConnectivity.String() ToDo: uncomment once https://github.com/np-guard/vpc-network-config-analyzer/issues/138 is solved + // res += v.GroupedConnectivity.String() ToDo: uncomment once https://github.com/np-guard/vpc-network-config-analyzer/issues/138 is solved res += v.GroupedConnectivity.StringTmpWA() return res } From 99c9b4d9e90642e913ae19d0be5554f5a4045886 Mon Sep 17 00:00:00 2001 From: shirim Date: Wed, 16 Aug 2023 10:41:31 +0300 Subject: [PATCH 9/9] improved a comment --- pkg/vpcmodel/grouping.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/vpcmodel/grouping.go b/pkg/vpcmodel/grouping.go index f771c560c..d8c0d76b0 100644 --- a/pkg/vpcmodel/grouping.go +++ b/pkg/vpcmodel/grouping.go @@ -171,8 +171,7 @@ func (g *GroupConnLines) groupExternalAddressesForSubnets() { connString := conns.EnhancedString() if dstNode, ok := dst.(Node); ok && dstNode.IsPublicInternet() { g.srcToDst.addPublicConnectivity(src, connString, dstNode) - } else { - // since pgw enable only egress src can not be public internet + } else { // since pgw enable only egress src can not be public internet, the above is the only option of public internet // not an external connection in source or destination - nothing to group, just append res = append(res, &GroupedConnLine{src, dst, connString}) }