New ACLs (Pro)
Easily manage network access with the new Netmaker ACLs
With the latest ACL feature in Netmaker, managing network access has never been easier. This powerful addition allows network administrators to control communication between devices by defining policies that restrict or allow access.
What is an ACL?
An Access Control List (ACL) is a set of rules that specify which users or devices are allowed or denied communication within a network. ACLs are used by network administrators to control traffic flow, ensuring that only authorized entities can access or interact with certain network resources, enhancing overall network security.
There are two main types of ACL policies: User Policies and Resource Policies:
User Policies
This type of policy controls which users can access or interact with specific network devices (e.g., servers, databases, gateways). It ensures that only authorized users have permission to access sensitive devices or services.
Example: Grant access to a DevOps team for database servers while restricting other teams' access to the same resources. This ensures only authorized users can access sensitive resources, improving network security.
Resource Policies
This policy controls which devices (like servers, web applications, databases, or gateways) can communicate with each other. It restricts or permits communication between devices based on the network's security needs.
Example: A web server might be allowed to communicate with a database server but blocked from connecting to other devices, such as file storage servers or printers. This limits unnecessary or unauthorized traffic between devices, enhancing network security and performance.
Default Policies
The Default Policies are automatically generated whenever a new network is created, enabling unrestricted two-way communication between users and resources, as well as between resources themselves. These policies ensure full connectivity during the initial setup.
- All Nodes: Enables all resources (e.g., servers, gateways) to communicate freely with one another in both directions.
- All Remote Access Gateways: Allows remote access gateways (remote-access-gws) to communicate with all resources and vice versa.
- All Users: Grants all users full access to all resources, ensuring open two-way communication.
- Network Admin: Grants users in the netmaker Admin Group and the All Networks Admin Group full two-way communication with the remote access gateways (remote-access-gws) and associated resources.
- Network User: Grants users in the netmaker User Group and the All Networks User Group unrestricted access to remote access gateways (remote-access-gws) and associated resources in both directions.
How to Add ACLs in Netmaker
Navigate to the Access Control interface of your network.
Click on Try New ACL to proceed.
Once you're in the ACL tab, you'll see a list of all the ACLs for the entire network. From here, you can enable or disable any ACL. And if you want to add a new policy, just click on Add Policy.
Here, you can define a custom rule by specifying:
- Policy For: Choose whether the policy applies to resources (controlling device access) or users (managing user permissions).
- Rule Name: Give the rule a clear name, like "api-gateway-access" or "devops-team".
- Source and Destination: Select the source and destination entities to control which nodes can communicate. Tags are available to help group nodes and apply rules more efficiently.
- Enable Policy: Toggle this switch to activate or deactivate the policy.
Once configured, click Save Policy to apply the policy.
To enable communication between peers in the same group, add the group to both the Source and Destination fields.
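The following Python model, added here as an illustration and not part of Netmaker's own code, ties together the Default Policies above and the fields of the Add Policy form. It assumes allow-list semantics (traffic is permitted only when at least one enabled policy names the source on its Source side and the destination on its Destination side), checks rules in the source-to-destination direction, and uses "*" to stand in for the "all" selector of the default policies; the node names, tags and user groups in the demo are constructed. It walks through the page's own scenario: disabling the open defaults, then allowing a web server to reach the database tier while storage stays unreachable, and adding the same tag to both sides so peers in one group can talk.

```python
"""Toy model of Netmaker-style ACL evaluation (illustration added to this page,
not Netmaker's own code). Assumptions: allow-list semantics, rules checked in
the source -> destination direction, "*" stands for the "all" selector of the
default policies, and tags/groups are plain strings. Sample data is constructed."""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    tags: set = field(default_factory=set)


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)


@dataclass
class Policy:
    name: str
    policy_for: str       # "resources" (device-to-device) or "users" (user-to-device)
    sources: set          # node tags/names, or user groups/names for a user policy
    destinations: set     # node tags/names
    enabled: bool = True  # the per-ACL enable/disable toggle from the ACL tab


ALL = "*"  # stands in for the "all" selector used by the default policies


def _labels(entity):
    """Everything a selector can match an entity by: its own name plus its tags/groups."""
    extra = entity.tags if isinstance(entity, Node) else entity.groups
    return {entity.name} | extra


def _selected(selectors, labels):
    return ALL in selectors or bool(selectors & labels)


def allowed(policies, src, dst):
    """Allow-list check: src may reach dst only if an enabled policy of the
    matching kind names src on its Source side and dst on its Destination side."""
    kind = "users" if isinstance(src, User) else "resources"
    return any(p.enabled and p.policy_for == kind
               and _selected(p.sources, _labels(src))
               and _selected(p.destinations, _labels(dst))
               for p in policies)


def default_policies():
    """The auto-generated defaults described on the page (policy names are the
    page's; group and tag identifiers are modelled as plain strings)."""
    return [
        Policy("All Nodes", "resources", {ALL}, {ALL}),
        Policy("All Users", "users", {ALL}, {ALL}),
        Policy("Network Admin", "users",
               {"netmaker Admin Group", "All Networks Admin Group"}, {"remote-access-gws"}),
        Policy("Network User", "users",
               {"netmaker User Group", "All Networks User Group"}, {"remote-access-gws"}),
    ]


def set_enabled(policies, name, enabled):
    for p in policies:
        if p.name == name:
            p.enabled = enabled


def demo():
    # Constructed sample network: tags group nodes so one rule covers many peers.
    web = Node("web-1", {"web"})
    db1, db2 = Node("db-1", {"db"}), Node("db-2", {"db"})
    files = Node("files-1", {"storage"})
    alice = User("alice", {"devops"})
    bob = User("bob", {"marketing"})

    policies = default_policies()
    open_default = allowed(policies, web, files)  # defaults: everything reachable

    # Lock the network down: disable the open defaults, then add scoped rules
    # built from the Add Policy fields (Policy For, Rule Name, Source/Destination, Enable).
    set_enabled(policies, "All Nodes", False)
    set_enabled(policies, "All Users", False)
    policies += [
        Policy("web-to-db", "resources", {"web"}, {"db"}),
        # peers in the same group need the group on BOTH sides, as the page notes
        Policy("db-replication", "resources", {"db"}, {"db"}),
        Policy("devops-team", "users", {"devops"}, {"db"}),
    ]
    return {
        "open_default_web_to_files": open_default,    # True
        "web_to_db": allowed(policies, web, db1),       # True
        "web_to_files": allowed(policies, web, files),  # False: no rule covers storage
        "db_to_web": allowed(policies, db1, web),       # False: rules are directional here
        "db_to_db": allowed(policies, db1, db2),        # True: group on both sides
        "alice_to_db": allowed(policies, alice, db1),   # True via devops-team
        "bob_to_db": allowed(policies, bob, db1),       # False: no matching user policy
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:28} {'ALLOW' if ok else 'DENY'}")
```

Run it directly to print an ALLOW/DENY line per check. The point to take from the model is that, under allow-list semantics, disabling a default policy removes reachability rather than adding a block, so every flow that should survive needs its own enabled rule covering it.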
How to Update ACLs in Netmaker
Identify the ACL policy you want to update, click on the three dots, and choose the "Edit" option.
After selecting "Edit," make the necessary adjustments to the ACL policy settings based on your requirements.
How to Remove ACLs in Netmaker
Identify the ACL policy you want to remove, hover over the three dots, and select the "Remove" option.