Documentation
Index
- type IFaceMapper
- type Manager
- func (m *Manager) AddNatRule(pair firewall.RouterPair) error
- func (m *Manager) AddPeerFiltering(ip net.IP, proto firewall.Protocol, sPort *firewall.Port, dPort *firewall.Port, ...) ([]firewall.Rule, error)
- func (m *Manager) AddRouteFiltering(sources []netip.Prefix, destination netip.Prefix, proto firewall.Protocol, ...) (firewall.Rule, error)
- func (m *Manager) AddUDPPacketHook(in bool, ip net.IP, dPort uint16, hook func([]byte) bool) string
- func (m *Manager) AllowNetbird() error
- func (m *Manager) DeletePeerRule(rule firewall.Rule) error
- func (m *Manager) DeleteRouteRule(rule firewall.Rule) error
- func (m *Manager) DropIncoming(packetData []byte) bool
- func (m *Manager) DropOutgoing(packetData []byte) bool
- func (m *Manager) Flush() error
- func (m *Manager) IsServerRouteSupported() bool
- func (m *Manager) RemoveNatRule(pair firewall.RouterPair) error
- func (m *Manager) RemovePacketHook(hookID string) error
- func (m *Manager) Reset() error
- func (m *Manager) SetLegacyManagement(_ bool) error
- func (m *Manager) SetNetwork(network *net.IPNet)
- type Rule
- type RuleSet
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type IFaceMapper
type IFaceMapper interface {
	SetFilter(device.PacketFilter) error
	Address() iface.WGAddress
}
IFaceMapper defines the subset of interface methods required by the manager.
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager is the userspace firewall manager.
func Create
func Create(iface IFaceMapper) (*Manager, error)
Create is the constructor for the userspace firewall manager.
func CreateWithNativeFirewall (added in v0.24.4)
func CreateWithNativeFirewall(iface IFaceMapper, nativeFirewall firewall.Manager) (*Manager, error)
func (*Manager) AddNatRule (added in v0.30.0)
func (m *Manager) AddNatRule(pair firewall.RouterPair) error
func (*Manager) AddPeerFiltering (added in v0.30.0)
func (m *Manager) AddPeerFiltering(
	ip net.IP,
	proto firewall.Protocol,
	sPort *firewall.Port,
	dPort *firewall.Port,
	direction firewall.RuleDirection,
	action firewall.Action,
	ipsetName string,
	comment string,
) ([]firewall.Rule, error)
AddPeerFiltering adds a peer filtering rule to the firewall.
If the comment argument is empty, the firewall manager should set the rule ID as the comment for the rule.
func (*Manager) AddRouteFiltering (added in v0.30.0)
func (*Manager) AddUDPPacketHook (added in v0.21.2)
func (m *Manager) AddUDPPacketHook(
	in bool,
	ip net.IP,
	dPort uint16,
	hook func([]byte) bool,
) string
AddUDPPacketHook calls hook when a UDP packet from the given direction is matched.
The hook function returns a flag that indicates whether the matched packet should be dropped.
func (*Manager) AllowNetbird (added in v0.23.0)
AllowNetbird allows netbird interface traffic.
func (*Manager) DeletePeerRule (added in v0.30.0)
DeletePeerRule deletes a peer rule from the firewall by rule definition.
func (*Manager) DeleteRouteRule (added in v0.30.0)
func (*Manager) DropIncoming
DropIncoming filters incoming packets.
func (*Manager) DropOutgoing
DropOutgoing filters outgoing packets.
func (*Manager) IsServerRouteSupported (added in v0.24.4)
func (*Manager) RemoveNatRule (added in v0.30.0)
func (m *Manager) RemoveNatRule(pair firewall.RouterPair) error
RemoveNatRule removes a routing firewall rule
func (*Manager) RemovePacketHook (added in v0.21.2)
RemovePacketHook removes the packet hook with the given ID.
func (*Manager) SetLegacyManagement (added in v0.30.0)
SetLegacyManagement doesn't need to be implemented for this manager.
func (*Manager) SetNetwork
SetNetwork sets the network of the WireGuard interface to which filtering is applied.