firewall

package

v0.6.9 Latest Latest Go to latest Published: Apr 3, 2021 License: AGPL-3.0 Imports: 46 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/safing/portmaster

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packet.Packet)
func FilterResolvedDNS(ctx context.Context, conn *network.Connection, q *resolver.Query, ...) *resolver.RRCache
func GetPermittedPort() uint16
func PermittedAddr(network string) net.Addr
func PermittedTCPAddr() *net.TCPAddr
func PermittedUDPAddr() *net.UDPAddr
func PreventBypassing(conn *network.Connection) (endpoints.EPResult, string, nsutil.Responder)
func SetNameserverIPMatcher(fn func(ip net.IP) bool) error
func UpdateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	CfgOptionEnableFilterKey = "filter/enable"

	CfgOptionAskWithSystemNotificationsKey = "filter/askWithSystemNotifications"

	CfgOptionAskTimeoutKey = "filter/askTimeout"

	CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts"
)

Configuration Keys.

Functions ¶

func DecideOnConnection ¶

func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packet.Packet)

DecideOnConnection makes a decision about a connection. When called, the connection and profile is already locked.

func FilterResolvedDNS ¶ added in v0.6.7

func FilterResolvedDNS(
	ctx context.Context,
	conn *network.Connection,
	q *resolver.Query,
	rrCache *resolver.RRCache,
) *resolver.RRCache

FilterResolvedDNS filters a dns response according to the application profile and settings.

func GetPermittedPort ¶ added in v0.2.5

func GetPermittedPort() uint16

GetPermittedPort returns a local port number that is already permitted for communication. This bypasses the process attribution step to guarantee connectivity. Communication on the returned port is attributed to the Portmaster.

func PermittedAddr ¶ added in v0.2.5

func PermittedAddr(network string) net.Addr

PermittedAddr returns an already permitted local address for the given network for reliable connectivity. Returns nil in case of error.

func PermittedTCPAddr ¶ added in v0.2.5

func PermittedTCPAddr() *net.TCPAddr

PermittedTCPAddr returns an already permitted local tcp address for reliable connectivity. Returns nil in case of error.

func PermittedUDPAddr ¶ added in v0.2.5

func PermittedUDPAddr() *net.UDPAddr

PermittedUDPAddr returns an already permitted local udp address for reliable connectivity. Returns nil in case of error.

func PreventBypassing ¶ added in v0.4.1

func PreventBypassing(conn *network.Connection) (endpoints.EPResult, string, nsutil.Responder)

PreventBypassing checks if the connection should be denied or permitted based on some bypass protection checks.

func SetNameserverIPMatcher ¶ added in v0.6.5

func SetNameserverIPMatcher(fn func(ip net.IP) bool) error

SetNameserverIPMatcher sets a function that is used to match the internal nameserver IP(s). Can only bet set once.

func UpdateIPsAndCNAMEs ¶ added in v0.6.7

func UpdateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection)

UpdateIPsAndCNAMEs saves all the IP->Name mappings to the cache database and updates the CNAMEs in the Connection's Entity.

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
inspection
interception
nfq Package nfq contains a nfqueue library experiment.	Package nfq contains a nfqueue library experiment.
windowskext Package windowskext provides network interception capabilities on windows via the Portmaster Kernel Extension.	Package windowskext provides network interception capabilities on windows via the Portmaster Kernel Extension.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL