firewall

package
v1.4.4
Warning

This package is not in the latest version of its module.

Published: Aug 24, 2023 License: AGPL-3.0 Imports: 52 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	CfgOptionEnableFilterKey = "filter/enable"

	CfgOptionAskWithSystemNotificationsKey = "filter/askWithSystemNotifications"

	CfgOptionAskTimeoutKey = "filter/askTimeout"

	CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts"

	CfgOptionDNSQueryInterceptionKey = "filter/dnsQueryInterception"
)

Configuration Keys.

Functions

func DeriveTunnelOptions added in v1.4.4

func DeriveTunnelOptions(lp *profile.LayeredProfile, proc *process.Process, destination *intel.Entity, connEncrypted bool) *navigator.Options

DeriveTunnelOptions derives and returns the tunnel options from the connection and profile.

func FilterConnection added in v0.9.11

func FilterConnection(ctx context.Context, conn *network.Connection, pkt packet.Packet, checkFilter, checkTunnel bool)

FilterConnection runs all the filtering (and tunneling) procedures.

func FilterResolvedDNS added in v0.6.7

func FilterResolvedDNS(
	ctx context.Context,
	conn *network.Connection,
	q *resolver.Query,
	rrCache *resolver.RRCache,
) *resolver.RRCache

FilterResolvedDNS filters a dns response according to the application profile and settings.

func GetPermittedPort added in v0.2.5

func GetPermittedPort(protocol packet.IPProtocol) uint16

GetPermittedPort returns a local port number that is already permitted for communication. This bypasses the process attribution step to guarantee connectivity. Communication on the returned port is attributed to the Portmaster. Every pre-authenticated port is only valid once. If no unused local port number can be found, it will return 0, which is expected to trigger automatic port selection by the underlying OS.

func PermittedAddr added in v0.2.5

func PermittedAddr(network string) net.Addr

PermittedAddr returns an already permitted local address for the given network for reliable connectivity. Returns nil in case of error.

func PermittedTCPAddr added in v0.2.5

func PermittedTCPAddr() *net.TCPAddr

PermittedTCPAddr returns an already permitted local tcp address for reliable connectivity. Returns nil in case of error.

func PermittedUDPAddr added in v0.2.5

func PermittedUDPAddr() *net.UDPAddr

PermittedUDPAddr returns an already permitted local udp address for reliable connectivity. Returns nil in case of error.

func PreventBypassing added in v0.4.1

func PreventBypassing(ctx context.Context, conn *network.Connection) (endpoints.EPResult, string, nsutil.Responder)

PreventBypassing checks if the connection should be denied or permitted based on some bypass protection checks.

func SetNameserverIPMatcher added in v0.6.5

func SetNameserverIPMatcher(fn func(ip net.IP) bool) error

SetNameserverIPMatcher sets a function that is used to match the internal nameserver IP(s). Can only be set once.

func UpdateIPsAndCNAMEs added in v0.6.7

func UpdateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection)

UpdateIPsAndCNAMEs saves all the IP->Name mappings to the cache database and updates the CNAMEs in the Connection's Entity.

Types

This section is empty.

Directories

Path Synopsis
nfq
Package nfq contains a nfqueue library experiment.
windowskext
Package windowskext provides network interception capabilities on Windows via the Portmaster Kernel Extension.
