firewall

package
v0.0.0-...-365054f
Warning

This package is not in the latest version of its module.

Published: May 16, 2024 License: GPL-3.0 Imports: 8 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddInboundRule

func AddInboundRule(proto string, port int) error

AddInboundRule adds a new inbound rule to the platform-specific firewall.

func RemoveInboundRule

func RemoveInboundRule(proto string, port int) error

RemoveInboundRule removes an inbound rule from the platform-specific firewall.

func Reset

func Reset()

Reset resets the firewall state. It is usually called when cleanup is needed (during shutdown).

Types

type IncomingRuleRemove

type IncomingRuleRemove func() error

IncomingRuleRemove defines a function that removes a previously created rule.

type IncomingTrafficFirewall

type IncomingTrafficFirewall interface {
	Setup() error
	Teardown()
	BlockIncomingTraffic(network net.IPNet) (IncomingRuleRemove, error)
	AllowURLAccess(rawURLs ...string) (IncomingRuleRemove, error)
	AllowIPAccess(ip net.IP) (IncomingRuleRemove, error)
}

IncomingTrafficFirewall defines the provider-side firewall, which controls which traffic is allowed to pass and which is not.

func NewIncomingTrafficFirewall

func NewIncomingTrafficFirewall(enabled bool) IncomingTrafficFirewall

NewIncomingTrafficFirewall creates a firewall instance for incoming traffic.

type OutgoingRuleRemove

type OutgoingRuleRemove func()

OutgoingRuleRemove defines a function that removes a previously created rule.

func AllowIPAccess

func AllowIPAccess(ip string) (OutgoingRuleRemove, error)

AllowIPAccess adds an IP-based exception.

func AllowURLAccess

func AllowURLAccess(urls ...string) (OutgoingRuleRemove, error)

AllowURLAccess adds an exception to blocked traffic for the specified URLs (usually the host part is taken).

func BlockNonTunnelTraffic

func BlockNonTunnelTraffic(scope Scope, outboundIP string) (OutgoingRuleRemove, error)

BlockNonTunnelTraffic effectively disallows any outgoing traffic from the consumer node with the specified scope.

type OutgoingTrafficFirewall

type OutgoingTrafficFirewall interface {
	Setup() error
	Teardown()
	BlockOutgoingTraffic(scope Scope, outboundIP string) (OutgoingRuleRemove, error)
	AllowIPAccess(ip string) (OutgoingRuleRemove, error)
	AllowURLAccess(rawURLs ...string) (OutgoingRuleRemove, error)
}

OutgoingTrafficFirewall defines the consumer-side firewall, a.k.a. kill switch. Its purpose is to detect traffic that leaves the machine and reject it, because while a VPN connection is established, traffic is expected to leave through the tunnel device only.

var DefaultOutgoingFirewall OutgoingTrafficFirewall = &outgoingFirewallNoop{}

DefaultOutgoingFirewall is the outgoing traffic firewall bootstrapped for global calls.

func NewOutgoingTrafficFirewall

func NewOutgoingTrafficFirewall(enabled bool) OutgoingTrafficFirewall

NewOutgoingTrafficFirewall creates a firewall instance for outgoing traffic.

type Scope

type Scope string

Scope represents the scope of blocking consumer traffic.

const (
	// Global scope overrides session scope and is not affected by session scope calls.
	Global Scope = "global"
	// Session scope block is applied before connection session begins and is removed when session ends.
	Session Scope = "session"
)
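The kill-switch description under OutgoingTrafficFirewall and the Global/Session scope comments above, modelled as an added example that is not this package's code: a hypothetical in-memory `memFirewall` shows that ending a session lifts only the session block, so a global block keeps non-tunnel traffic rejected. `memFirewall`, `newMemFirewall`, `Permits` and the IP addresses are assumptions constructed for illustration; only `Scope`, its two values and `OutgoingRuleRemove` mirror the page.

```go
package main

import "fmt"

// Scope, its two values and OutgoingRuleRemove mirror the declarations on this page.
type Scope string

const (
	Global  Scope = "global"
	Session Scope = "session"
)
type OutgoingRuleRemove func()

// memFirewall is a hypothetical in-memory model, not the package's implementation.
type memFirewall struct {
	blocks  map[Scope]bool  // scopes that currently hold a block
	allowed map[string]bool // destination IPs exempted from the block
}

func newMemFirewall() *memFirewall {
	return &memFirewall{blocks: map[Scope]bool{}, allowed: map[string]bool{}}
}

// BlockOutgoingTraffic records a block for one scope; the returned func lifts only that scope.
func (f *memFirewall) BlockOutgoingTraffic(scope Scope, outboundIP string) (OutgoingRuleRemove, error) {
	if scope != Global && scope != Session {
		return nil, fmt.Errorf("unknown scope %q", scope)
	}
	f.blocks[scope] = true // outboundIP is unused by this model
	return func() { delete(f.blocks, scope) }, nil
}

// AllowIPAccess adds an exception that lasts until its remove func is called.
func (f *memFirewall) AllowIPAccess(ip string) (OutgoingRuleRemove, error) {
	f.allowed[ip] = true
	return func() { delete(f.allowed, ip) }, nil
}

// Permits (hypothetical helper) reports whether non-tunnel traffic to dst may leave the machine.
func (f *memFirewall) Permits(dst string) bool {
	return !(f.blocks[Global] || f.blocks[Session]) || f.allowed[dst]
}

func main() {
	fw := newMemFirewall()
	_, _ = fw.BlockOutgoingTraffic(Global, "192.0.2.10") // constructed addresses
	endSession, _ := fw.BlockOutgoingTraffic(Session, "192.0.2.10")
	endSession() // session ends; the global block must still hold
	fmt.Println("non-tunnel traffic permitted after session end:", fw.Permits("203.0.113.5"))
}
```

Keeping each returned remove function and calling it exactly once, in the reverse order of creation, is what lets a caller tear down a session without opening a window in which traffic bypasses the tunnel.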
