This release adds rule composition, and port hiding/unhiding based on authorisation status.
For example:
"*": {
"Mfa": [
"10.0.0.0/16",
"10.0.1.1/32 22/tcp",
]
},
"group:users": {
"Allow": [
"10.0.1.1/32 443/tcp",
]
}Previously (< v6.1.x) would take the last defined policy for a given route (10.0.1.1/32), which would only allow you to define an MFA rule, or a Public/Allow rule.
Now, members of the group:users group will be able to access 10.0.1.1/32 22/tcp without authorisation and 22/tcp and 443/tcp with authorisation.
(A maximum of 128 port definitions can be defined per route)
Features:
- Change the way rules are composed, if a route is define multiple times the port restrictions are added to one another rather than the final rule being applied
- MFA and Public/Allow rules can exist for the same route