pic/api at 5a4e2924405b8358efc37849a0037a010e1e0b4c - pic - Gitea: Git with a cup of tea

roof/pic

Files

T

History

roof 5a4e292440 fix: allow reply traffic from connected cells through FORWARD chain

apply_cell_rules drops all traffic from a cell's subnet except specific
service ports. This also drops ICMP replies and TCP ACKs for connections
initiated by local peers to the connected cell, breaking cross-cell
routing (ping to 10.0.0.1 silently dropped by test's cell DROP rule).

Fix: ensure_forward_stateful() inserts a stateful ESTABLISHED,RELATED
ACCEPT at the top of FORWARD. Called from apply_cell_rules (every cell
add/update) and from _apply_startup_enforcement. Idempotent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-04 15:13:59 -04:00

..

fix: WireGuard routing, DNS, service access, and UI improvements

2026-04-20 12:43:23 -04:00

fix: cross-cell routing for split-tunnel peers

2026-05-04 14:36:28 -04:00

.coverage

init

2025-09-12 23:04:52 +03:00

API_DOCUMENTATION.md

init

2025-09-12 23:04:52 +03:00

app.py

fix: allow reply traffic from connected cells through FORWARD chain

2026-05-04 15:13:59 -04:00

auth_manager.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

auth_routes.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

base_service_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

calendar_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

cell_cli.py

init

2025-09-12 23:04:52 +03:00

cell_link_manager.py

Add domain conflict validation when changing domain or accepting heal invite

2026-05-04 09:46:58 -04:00

cell_manager.py

init

2025-09-12 23:04:52 +03:00

config_manager.py

A5: Extract all route groups into Flask blueprints (app.py -1735 lines)

2026-05-01 06:11:21 -04:00

config.py

init

2025-09-12 23:04:52 +03:00

container_manager.py

fix: silent autosave, pending dedup, domain/cell_name pending, containers access

2026-04-24 07:16:13 -04:00

Dockerfile

fix: full-tunnel default, real host routing table, peer config tunnel mode

2026-04-20 15:20:55 -04:00

email_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

enhanced_cli.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

file_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

firewall_manager.py

fix: allow reply traffic from connected cells through FORWARD chain

2026-05-04 15:13:59 -04:00

ip_utils.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

log_manager.py

fix: spurious health alerts, show rotated logs, clear history button

2026-04-21 03:05:04 -04:00

managers.py

fix(P2): peer add rollback, helper failure recovery, manager extraction (A2/A3/A5)

2026-05-01 05:27:39 -04:00

network_manager.py

fix: cross-cell routing for split-tunnel peers

2026-05-04 14:36:28 -04:00

peer_registry.py

feat: Phase 3 - per-peer internet routing via exit cell

2026-05-01 16:23:31 -04:00

port_registry.py

feat: port conflict validation, autosave on Apply, extended integration tests

2026-04-24 04:45:47 -04:00

requirements.txt

feat: add comprehensive E2E test suite (Playwright + WireGuard + API)

2026-04-25 16:41:13 -04:00

routing_manager.py

feat(cells): fix PIC-to-PIC connection + add service-sharing permissions

2026-05-01 08:35:24 -04:00

service_bus.py

fix for bus

2025-09-13 14:42:32 +03:00

test_enhanced_api.py

wip: make work Services Status

2025-09-13 14:23:31 +03:00

vault_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

wireguard_manager.py

Fix ensure_postup_dnat to strip-and-replace all DNAT rules idempotently

2026-05-04 06:54:20 -04:00