firewall

package
v1.6.27 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 27, 2024 License: GPL-3.0 Imports: 52 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	CfgOptionEnableFilterKey = "filter/enable"

	CfgOptionAskWithSystemNotificationsKey = "filter/askWithSystemNotifications"

	CfgOptionAskTimeoutKey = "filter/askTimeout"

	CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts"

	CfgOptionDNSQueryInterceptionKey = "filter/dnsQueryInterception"
)

Configuration Keys.

Functions

func DeriveTunnelOptions

func DeriveTunnelOptions(lp *profile.LayeredProfile, proc *process.Process, destination *intel.Entity, connEncrypted bool) *navigator.Options

DeriveTunnelOptions derives and returns the tunnel options from the connection and profile.

func FilterConnection

func FilterConnection(ctx context.Context, conn *network.Connection, pkt packet.Packet, checkFilter, checkTunnel bool)

FilterConnection runs all the filtering (and tunneling) procedures.

func FilterResolvedDNS

func FilterResolvedDNS(
	ctx context.Context,
	conn *network.Connection,
	q *resolver.Query,
	rrCache *resolver.RRCache,
) *resolver.RRCache

FilterResolvedDNS filters a DNS response according to the application profile and settings.

func GetPermittedPort

func GetPermittedPort(protocol packet.IPProtocol) uint16

GetPermittedPort returns a local port number that is already permitted for communication. This bypasses the process attribution step to guarantee connectivity. Communication on the returned port is attributed to the Portmaster. Every pre-authenticated port is only valid once. If no unused local port number can be found, it will return 0, which is expected to trigger automatic port selection by the underlying OS.

func PermittedAddr

func PermittedAddr(network string) net.Addr

PermittedAddr returns an already permitted local address for the given network for reliable connectivity. Returns nil in case of error.

func PermittedTCPAddr

func PermittedTCPAddr() *net.TCPAddr

PermittedTCPAddr returns an already permitted local TCP address for reliable connectivity. Returns nil in case of error.

func PermittedUDPAddr

func PermittedUDPAddr() *net.UDPAddr

PermittedUDPAddr returns an already permitted local UDP address for reliable connectivity. Returns nil in case of error.

func PreventBypassing

func PreventBypassing(ctx context.Context, conn *network.Connection) (endpoints.EPResult, string, nsutil.Responder)

PreventBypassing checks if the connection should be denied or permitted based on some bypass protection checks.

func SaveIPsInCache added in v1.6.27

func SaveIPsInCache(ips []net.IP, profileID string, record resolver.ResolvedDomain)

SaveIPsInCache saves the provided IPs in the DNS cache associated with the record's Domain and CNAMEs.

func SetNameserverIPMatcher

func SetNameserverIPMatcher(fn func(ip net.IP) bool) error

SetNameserverIPMatcher sets a function that is used to match the internal nameserver IP(s). Can only be set once.

func UpdateIPsAndCNAMEs

func UpdateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection)

UpdateIPsAndCNAMEs saves all the IP->Name mappings to the cache database and updates the CNAMEs in the Connection's Entity.

Types

type Firewall added in v1.6.19

type Firewall struct {
	// contains filtered or unexported fields
}

func New added in v1.6.19

func New(instance instance) (*Firewall, error)

func (*Firewall) Manager added in v1.6.19

func (f *Firewall) Manager() *mgr.Manager

func (*Firewall) Start added in v1.6.19

func (f *Firewall) Start() error

func (*Firewall) Stop added in v1.6.19

func (f *Firewall) Stop() error

Directories

Path Synopsis
nfq
Package nfq contains a nfqueue library experiment.
windowskext
Package windowskext provides network interception capabilities on windows via the Portmaster Kernel Extension.
windowskext2
Package windowskext provides network interception capabilities on windows via the Portmaster Kernel Extension.
