Displaying 7 results from an estimated 7 matches for "allowed_subnets".
2017 Sep 27
2
Conditionally disabling auth policy
...side world).
> >
> > Is there any way to disable auth policy, possibly inside a remote{}?
> >
> > auth_policy_server_url complains that it can't be used inside a remote
> > block, so no dice there. Anything I'm missing?
>
> From my config:
> ```
> allowed_subnets=newNetmaskGroup()
> allowed_subnets:addMask('fe80::/64')
> allowed_subnets:addMask('127.0.0.0/8')
> [snip]
> if (not(allowed_subnets.match(lt.remote)))
> -- do GeoIP check
> end
> ```
>
> of course could just skip all checks in that case if reall...
2017 Sep 27
2
Conditionally disabling auth policy
I've been digging into the auth policy stuff with weakforced lately. There
are cases (IP ranges, so could be wrapped up in remote {} blocks) where
it'd be nice to skip the auth policy (internal hosts that I can trust, but
that are hitting the same servers as the outside world).
Is there any way to disable auth policy, possibly inside a remote{}?
auth_policy_server_url complains that it
2017 Sep 28
2
Conditionally disabling auth policy
...way to disable auth policy, possibly inside a remote{}?
> >>>
> >>> auth_policy_server_url complains that it can't be used inside a remote
> >>> block, so no dice there. Anything I'm missing?
> >> From my config:
> >> ```
> >> allowed_subnets=newNetmaskGroup()
> >> allowed_subnets:addMask('fe80::/64')
> >> allowed_subnets:addMask('127.0.0.0/8')
> >> [snip]
> >> if (not(allowed_subnets.match(lt.remote)))
> >> -- do GeoIP check
> >> end
> >> ```
>...
2017 Sep 28
1
Conditionally disabling auth policy
...> >>>
> > > >>> auth_policy_server_url complains that it can't be used inside a
> remote
> > > >>> block, so no dice there. Anything I'm missing?
> > > >> From my config:
> > > >> ```
> > > >> allowed_subnets=newNetmaskGroup()
> > > >> allowed_subnets:addMask('fe80::/64')
> > > >> allowed_subnets:addMask('127.0.0.0/8')
> > > >> [snip]
> > > >> if (not(allowed_subnets.match(lt.remote)))
> > > >> -- do GeoIP...
2017 Sep 27
0
Conditionally disabling auth policy
...re hitting the same servers as the outside world).
>
> Is there any way to disable auth policy, possibly inside a remote{}?
>
> auth_policy_server_url complains that it can't be used inside a remote
> block, so no dice there. Anything I'm missing?
>From my config:
```
allowed_subnets=newNetmaskGroup()
allowed_subnets:addMask('fe80::/64')
allowed_subnets:addMask('127.0.0.0/8')
[snip]
if (not(allowed_subnets.match(lt.remote)))
-- do GeoIP check
end
```
of course could just skip all checks in that case if really wanted. but
you probably want to be carefu...
2017 Sep 28
0
Conditionally disabling auth policy
...gt;
>>> Is there any way to disable auth policy, possibly inside a remote{}?
>>>
>>> auth_policy_server_url complains that it can't be used inside a remote
>>> block, so no dice there. Anything I'm missing?
>> From my config:
>> ```
>> allowed_subnets=newNetmaskGroup()
>> allowed_subnets:addMask('fe80::/64')
>> allowed_subnets:addMask('127.0.0.0/8')
>> [snip]
>> if (not(allowed_subnets.match(lt.remote)))
>> -- do GeoIP check
>> end
>> ```
>>
>> of course could just s...
2017 Sep 28
0
Conditionally disabling auth policy
...ssibly inside a remote{}?
> > >>>
> > >>> auth_policy_server_url complains that it can't be used inside a remote
> > >>> block, so no dice there. Anything I'm missing?
> > >> From my config:
> > >> ```
> > >> allowed_subnets=newNetmaskGroup()
> > >> allowed_subnets:addMask('fe80::/64')
> > >> allowed_subnets:addMask('127.0.0.0/8')
> > >> [snip]
> > >> if (not(allowed_subnets.match(lt.remote)))
> > >> -- do GeoIP check
> > >>...