firewall

package

v0.0.0-...-0b48d5a Latest Latest Go to latest Published: Nov 22, 2024 License: GPL-3.0 Imports: 8 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/mysteriumnetwork/node

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func AddInboundRule(proto string, port int) error
func RemoveInboundRule(proto string, port int) error
func Reset()
type IncomingRuleRemove
type IncomingTrafficFirewall
- func NewIncomingTrafficFirewall(enabled bool) IncomingTrafficFirewall
type OutgoingRuleRemove
type OutgoingTrafficFirewall
- func NewOutgoingTrafficFirewall(enabled bool) OutgoingTrafficFirewall
type Scope

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddInboundRule ¶

func AddInboundRule(proto string, port int) error

AddInboundRule adds new inbound rule to the platform specific firewall.

func RemoveInboundRule ¶

func RemoveInboundRule(proto string, port int) error

RemoveInboundRule removes inbound rule from the platform specific firewall.

func Reset ¶

func Reset()

Reset firewall state - usually called when cleanup is needed (during shutdown).

Types ¶

type IncomingRuleRemove ¶

type IncomingRuleRemove func() error

IncomingRuleRemove type defines function for removal of created rule.

type IncomingTrafficFirewall ¶

type IncomingTrafficFirewall interface {
	Setup() error
	Teardown()
	BlockIncomingTraffic(network net.IPNet) (IncomingRuleRemove, error)
	AllowURLAccess(rawURLs ...string) (IncomingRuleRemove, error)
	AllowIPAccess(ip net.IP) (IncomingRuleRemove, error)
}

IncomingTrafficFirewall defines provider side firewall, to control which traffic is enabled to pass and which not.

func NewIncomingTrafficFirewall ¶

func NewIncomingTrafficFirewall(enabled bool) IncomingTrafficFirewall

NewIncomingTrafficFirewall creates firewall instance for incoming traffic.

type OutgoingRuleRemove ¶

type OutgoingRuleRemove func()

OutgoingRuleRemove type defines function for removal of created rule.

func AllowURLAccess ¶

func AllowURLAccess(urls ...string) (OutgoingRuleRemove, error)

AllowURLAccess adds exception to blocked traffic for specified URL (host part is usually taken).

func BlockNonTunnelTraffic ¶

func BlockNonTunnelTraffic(scope Scope, outboundIP string) (OutgoingRuleRemove, error)

BlockNonTunnelTraffic effectively disallows any outgoing traffic from consumer node with specified scope.

type OutgoingTrafficFirewall ¶

type OutgoingTrafficFirewall interface {
	Setup() error
	Teardown()
	BlockOutgoingTraffic(scope Scope, outboundIP string) (OutgoingRuleRemove, error)
	AllowIPAccess(ip string) (OutgoingRuleRemove, error)
	AllowURLAccess(rawURLs ...string) (OutgoingRuleRemove, error)
}

OutgoingTrafficFirewall defines consumer side firewall a.k.a. kill switch. Purpose is to detect traffic which leaves machine and reject it, because during established VPN connection it is expected to leave through tunnel device only.

var DefaultOutgoingFirewall OutgoingTrafficFirewall = &outgoingFirewallNoop{}

DefaultOutgoingFirewall outgoing traffic firewall bootstrapped for global calls.

func NewOutgoingTrafficFirewall ¶

func NewOutgoingTrafficFirewall(enabled bool) OutgoingTrafficFirewall

NewOutgoingTrafficFirewall creates firewall instance for outgoing traffic.

type Scope ¶

type Scope string

Scope type represents scope of blocking consumer traffic.

const (
	// Global scope overrides session scope and is not affected by session scope calls.
	Global Scope = "global"
	// Session scope block is applied before connection session begins and is removed when session ends.
	Session Scope = "session"
)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
ipset
iptables

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL