Documentation
Index
- Constants
- func GenKey(format string, pair RouterPair) string
- func GenerateSetName(sources []netip.Prefix) string
- func MergeIPRanges(prefixes []netip.Prefix) []netip.Prefix
- func SetLegacyManagement(router LegacyManager, isLegacy bool) error
- func SortPrefixes(prefixes []netip.Prefix)
- type Action
- type LegacyManager
- type Manager
- type Port
- type Protocol
- type RouterPair
- type Rule
- type RuleDirection
Constants
const (
	ForwardingFormatPrefix = "netbird-fwd-"
	ForwardingFormat       = "netbird-fwd-%s-%t"
	NatFormat              = "netbird-nat-%s-%t"
)
Variables
This section is empty.
Functions
func GenKey
func GenKey(format string, pair RouterPair) string
func GenerateSetName (added in v0.30.0)
GenerateSetName generates a unique name for an ipset based on the given sources.
func MergeIPRanges (added in v0.30.0)
MergeIPRanges merges overlapping IP ranges and returns a slice of non-overlapping netip.Prefix.
func SetLegacyManagement (added in v0.30.0)
func SetLegacyManagement(router LegacyManager, isLegacy bool) error
SetLegacyManagement sets the route manager to use legacy management.
func SortPrefixes (added in v0.30.1)
SortPrefixes sorts the given slice of netip.Prefix in place. It sorts first by IP address, then by prefix length (most specific to least specific).
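An added example, not the package's own code: a sketch of what the sort order and the merge described above mean for a rule's source list. `sortMasked` and `dropCovered` are hypothetical names and the sample prefixes are constructed; the sketch only drops prefixes already covered by a wider one and does not aggregate adjacent ranges.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// sortMasked (hypothetical helper) orders by address, then most specific prefix first.
func sortMasked(p []netip.Prefix) {
	sort.Slice(p, func(i, j int) bool {
		if c := p[i].Addr().Compare(p[j].Addr()); c != 0 {
			return c < 0
		}
		return p[i].Bits() > p[j].Bits()
	})
}

// dropCovered is a hypothetical stand-in for a merge step: it returns only the
// prefixes that are not already covered by another prefix in the input.
func dropCovered(in []netip.Prefix) []netip.Prefix {
	ps := make([]netip.Prefix, 0, len(in))
	for _, p := range in {
		if p.IsValid() {
			ps = append(ps, p.Masked()) // clear host bits: 10.1.2.3/16 -> 10.1.0.0/16
		}
	}
	sortMasked(ps)
	var out []netip.Prefix
	for _, p := range ps {
		// A wider prefix at the same address sorts later and replaces the narrower one.
		for len(out) > 0 && p.Bits() <= out[len(out)-1].Bits() && p.Contains(out[len(out)-1].Addr()) {
			out = out[:len(out)-1]
		}
		if n := len(out); n > 0 && out[n-1].Bits() <= p.Bits() && out[n-1].Contains(p.Addr()) {
			continue // already covered by the previous, wider prefix
		}
		out = append(out, p)
	}
	return out
}

func main() {
	var src []netip.Prefix // constructed sample sources for one route rule
	for _, s := range []string{"10.1.2.3/16", "10.0.0.0/8", "10.0.0.0/24", "192.168.1.0/24", "fd00::/64"} {
		src = append(src, netip.MustParsePrefix(s))
	}
	fmt.Println(dropCovered(src)) // [10.0.0.0/8 192.168.1.0/24 fd00::/64]
}
```

When reviewing generated rules, the surviving list is the effective source scope: a single wide prefix such as 10.0.0.0/8 silently subsumes every narrower entry beneath it.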
Types
type LegacyManager (added in v0.30.0)
type LegacyManager interface {
	RemoveAllLegacyRouteRules() error
	GetLegacyManagement() bool
	SetLegacyManagement(bool)
}
LegacyManager defines the interface for legacy management operations.
type Manager
type Manager interface {
	Init(stateManager *statemanager.Manager) error

	// AllowNetbird allows netbird interface traffic
	AllowNetbird() error

	// AddPeerFiltering adds a rule to the firewall
	//
	// If comment argument is empty firewall manager should set
	// rule ID as comment for the rule
	AddPeerFiltering(
		ip net.IP,
		proto Protocol,
		sPort *Port,
		dPort *Port,
		direction RuleDirection,
		action Action,
		ipsetName string,
		comment string,
	) ([]Rule, error)

	// DeletePeerRule from the firewall by rule definition
	DeletePeerRule(rule Rule) error

	// IsServerRouteSupported returns true if the firewall supports server side routing operations
	IsServerRouteSupported() bool

	AddRouteFiltering(source []netip.Prefix, destination netip.Prefix, proto Protocol, sPort *Port, dPort *Port, action Action) (Rule, error)

	// DeleteRouteRule deletes a routing rule
	DeleteRouteRule(rule Rule) error

	// AddNatRule inserts a routing NAT rule
	AddNatRule(pair RouterPair) error

	// RemoveNatRule removes a routing NAT rule
	RemoveNatRule(pair RouterPair) error

	// SetLegacyManagement sets the legacy management mode
	SetLegacyManagement(legacy bool) error

	// Reset firewall to the default state
	Reset(stateManager *statemanager.Manager) error

	// Flush the changes to firewall controller
	Flush() error
}
Manager is the high level abstraction of a firewall manager.
It declares methods which handle actions required by the Netbird client for ACL and routing functionality.
type Port
type Port struct {
	// If IsRange is true, Values contains two values: the first is the start port, the second is the end port
	IsRange bool

	// Values contains one value for single port, multiple values for the list of ports, or two values for the range of ports
	Values []int
}
Port of the address for firewall rule
type Protocol
type Protocol string
Protocol is the protocol of the port
const (
	// ProtocolTCP is the TCP protocol
	ProtocolTCP Protocol = "tcp"

	// ProtocolUDP is the UDP protocol
	ProtocolUDP Protocol = "udp"

	// ProtocolICMP is the ICMP protocol
	ProtocolICMP Protocol = "icmp"

	// ProtocolALL covers all supported protocols
	ProtocolALL Protocol = "all"

	// ProtocolUnknown unknown protocol
	ProtocolUnknown Protocol = "unknown"
)
type RouterPair
type RouterPair struct {
	ID          route.ID
	Source      netip.Prefix
	Destination netip.Prefix
	Masquerade  bool
	Inverse     bool
}
func GetInversePair (added in v0.30.0)
func GetInversePair(pair RouterPair) RouterPair
type Rule
type Rule interface {
	// GetRuleID returns the rule id
	GetRuleID() string
}
Rule abstraction should be implemented by each firewall manager.
Each firewall type for a different OS can use different property types to hold the data of the created rule.
type RuleDirection
type RuleDirection int
RuleDirection is the traffic direction to which a rule is applied
const (
	// RuleDirectionIN applies to filters that handle incoming traffic
	RuleDirectionIN RuleDirection = iota

	// RuleDirectionOUT applies to filters that handle outgoing traffic
	RuleDirectionOUT
)