manager

package
v0.28.3 Latest
Warning

This package is not in the latest version of its module.
Published: Jun 25, 2024 License: BSD-3-Clause Imports: 3 Imported by: 5

Documentation

Constants

const (
	NatFormat          = "netbird-nat-%s"
	ForwardingFormat   = "netbird-fwd-%s"
	InNatFormat        = "netbird-nat-in-%s"
	InForwardingFormat = "netbird-fwd-in-%s"
)

Variables

This section is empty.

Functions

func GenKey

func GenKey(format string, input string) string

Types

type Action

type Action int

Action is the action to be taken on a rule

const (
	// ActionAccept is the action to accept a packet
	ActionAccept Action = iota
	// ActionDrop is the action to drop a packet
	ActionDrop
)

type Manager

type Manager interface {
	// AllowNetbird allows netbird interface traffic
	AllowNetbird() error

	// AddFiltering rule to the firewall
	//
	// If the comment argument is empty, the firewall manager should set
	// the rule ID as the comment for the rule
	AddFiltering(
		ip net.IP,
		proto Protocol,
		sPort *Port,
		dPort *Port,
		direction RuleDirection,
		action Action,
		ipsetName string,
		comment string,
	) ([]Rule, error)

	// DeleteRule from the firewall by rule definition
	DeleteRule(rule Rule) error

	// IsServerRouteSupported returns true if the firewall supports server side routing operations
	IsServerRouteSupported() bool

	// InsertRoutingRules inserts a routing firewall rule
	InsertRoutingRules(pair RouterPair) error

	// RemoveRoutingRules removes a routing firewall rule
	RemoveRoutingRules(pair RouterPair) error

	// Reset firewall to the default state
	Reset() error

	// Flush the changes to firewall controller
	Flush() error
}

Manager is the high level abstraction of a firewall manager

It declares methods which handle actions required by the Netbird client for ACL and routing functionality

type Port

type Port struct {
	// If IsRange is true, Values contains two values: the first is the start port, the second is the end port
	IsRange bool

	// Values contains one value for single port, multiple values for the list of ports, or two values for the range of ports
	Values []int
}

Port of the address for firewall rule

func (*Port) String

func (p *Port) String() string

String interface implementation
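The Port struct leaves the IsRange/Values contract to the caller, so a malformed value can reach a firewall backend unchecked. The following is an added example, not code from this package: ValidatePort is a hypothetical helper, Port is redeclared locally so the block runs stand-alone, and the 1-65535 bound and the treatment of a nil *Port as "no port constraint" are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Port mirrors the struct documented above (redeclared for a stand-alone run).
type Port struct {
	IsRange bool
	Values  []int
}

// ValidatePort (hypothetical helper) enforces the documented Port contract
// before the value is passed to Manager.AddFiltering.
func ValidatePort(p *Port) error {
	if p == nil {
		return nil // assumption: nil pointer means no port constraint
	}
	if len(p.Values) == 0 {
		return errors.New("port: no values")
	}
	for _, v := range p.Values {
		if v < 1 || v > 65535 { // assumption: port 0 is not a valid match
			return fmt.Errorf("port: %d outside 1-65535", v)
		}
	}
	if p.IsRange {
		if len(p.Values) != 2 {
			return fmt.Errorf("port: range needs 2 values, got %d", len(p.Values))
		}
		if p.Values[0] > p.Values[1] {
			return fmt.Errorf("port: range start %d above end %d", p.Values[0], p.Values[1])
		}
	}
	return nil
}

func main() {
	samples := []*Port{ // constructed sample inputs
		{Values: []int{443}},
		{IsRange: true, Values: []int{8000, 8100}},
		{IsRange: true, Values: []int{8100, 8000}},
		{IsRange: true, Values: []int{22, 80, 443}},
		{Values: []int{0}},
	}
	for _, p := range samples {
		fmt.Printf("%+v -> %v\n", *p, ValidatePort(p))
	}
}
```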

type Protocol

type Protocol string

Protocol is the protocol of the port

const (
	// ProtocolTCP is the TCP protocol
	ProtocolTCP Protocol = "tcp"

	// ProtocolUDP is the UDP protocol
	ProtocolUDP Protocol = "udp"

	// ProtocolICMP is the ICMP protocol
	ProtocolICMP Protocol = "icmp"

	// ProtocolALL covers all supported protocols
	ProtocolALL Protocol = "all"

	// ProtocolUnknown unknown protocol
	ProtocolUnknown Protocol = "unknown"
)

type RouterPair

type RouterPair struct {
	ID          string
	Source      string
	Destination string
	Masquerade  bool
}

func GetInPair

func GetInPair(pair RouterPair) RouterPair

type Rule

type Rule interface {
	// GetRuleID returns the rule id
	GetRuleID() string
}

Rule abstraction should be implemented by each firewall manager

Each firewall type for a different OS can use different types of properties to hold the data of the created rule

type RuleDirection

type RuleDirection int

RuleDirection is the traffic direction to which a rule is applied

const (
	// RuleDirectionIN applies to filters that handle incoming traffic
	RuleDirectionIN RuleDirection = iota
	// RuleDirectionOUT applies to filters that handle outgoing traffic
	RuleDirectionOUT
)
