Skip to content

Solve duplicated firewall rules #849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 27, 2025
Merged

Solve duplicated firewall rules #849

merged 5 commits into from
Nov 27, 2025

Conversation

@nesitor
Copy link
Member

@nesitor nesitor commented Nov 26, 2025

Solve duplicated firewall rules when a VM is removed and re-allocated or when restart the service.

Related ClickUp, GitHub or Jira tickets : ALEPH-446

Self proofreading checklist

  • The new code clear, easy to read and well commented.
  • New code does not duplicate the functions of builtin or popular libraries.
  • An LLM was used to review the new code and look for simplifications.
  • New classes and functions contain docstrings explaining what they provide.
  • All new code is covered by relevant tests.
  • Documentation has been updated regarding these changes.
  • Dependencies update in the project.toml have been mirrored in the Debian package build script packaging/Makefile

Changes

Ensure to force same int types for ports forwarded when searching and applying the firewall rules.

How to test

Create an instance, then un-allocate it and then re-allocate the ame instance or another one and use the command nft list ruleset to see the firewall rules. Only the proper rules should appear for every VM.

nesitor and others added 3 commits November 26, 2025 00:37
@nesitor
Fix: Solve duplication issue of firewall redirection rules caused by …
7281bd5 
…type miss-matching. It's the first step were all the rules are removed and new ones are created all the time. This need to be improved.
@nesitor
Fix: Removed rules regeneration, now maintains the existing ones on t…
5117591 
…he database, but needs more testing.
Fix: Solved code quality issues.
b4cc679
@nesitor nesitor self-assigned this Nov 26, 2025
@codecov
Copy link

codecov bot commented Nov 26, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 9.90991% with 100 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.11%. Comparing base (e2f64f0) to head (4372f97).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
src/aleph/vm/network/firewall.py 6.38% 44 Missing ⚠️
src/aleph/vm/orchestrator/views/__init__.py 6.38% 44 Missing ⚠️
src/aleph/vm/models.py 41.66% 6 Missing and 1 partial ⚠️
src/aleph/vm/pool.py 0.00% 4 Missing ⚠️
src/aleph/vm/network/port_availability_checker.py 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #849      +/-   ##
==========================================
- Coverage   64.76%   64.11%   -0.66%     
==========================================
  Files          88       88              
  Lines        8185     8281      +96     
  Branches      739      752      +13     
==========================================
+ Hits         5301     5309       +8     
- Misses       2652     2739      +87     
- Partials      232      233       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nesitor nesitor mentioned this pull request Nov 26, 2025
Merged
7 tasks
@nesitor
Feature: To be able to clean existing issues on firewall rules, creat…
4372f97 
…e an authenticated endpoint that allows to clean completely the network setting and re-create it from the existing running VMs.
1yam
1yam approved these changes Nov 27, 2025
View reviewed changes
Copy link
Member

@1yam 1yam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nesitor nesitor merged commit edc5e67 into main Nov 27, 2025
34 of 37 checks passed
@nesitor nesitor deleted the andres-fix-solve_duplicated_firewall_redirects branch November 27, 2025 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@1yam 1yam 1yam approved these changes

@odesenfans odesenfans Awaiting requested review from odesenfans

@amalcaraz amalcaraz Awaiting requested review from amalcaraz

Assignees

@nesitor nesitor

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nesitor @1yam