Documentation ¶
Overview ¶
Package firewall contains an interface for interacting with the system firewall.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DNATOptions ¶
type DNATOptions struct { // Protocol is the protocol to apply the rule to. Protocol string // SrcPrefix is the source IP prefix to apply the rule to. SrcPrefix netip.Prefix // DstPrefix is the destination IP prefix to apply the rule to. // If left unset, masquerade will be used. Note that masquerade // will only work if the the source knows to route desired traffic // towards this router. DstPrefix netip.Prefix // PortRange is the port range to apply the rule to. PortRange *PortRange }
DNATOptions are options for configuring a postrouting rule.
type Firewall ¶
type Firewall interface { // AddWireguardForwarding should configure the firewall to allow forwarding traffic on the wireguard interface. AddWireguardForwarding(ctx context.Context, ifaceName string) error // AddMasquerade should configure the firewall to masquerade outbound traffic on the wireguard interface. AddMasquerade(ctx context.Context, ifaceName string) error // Clear should clear any changes made to the firewall. Clear(ctx context.Context) error // Close should close any resources used by the firewall. It should also perform a Clear. Close(ctx context.Context) error }
Firewall is an interface for interacting with the necessary system firewall rules on a router.
type Options ¶
type Options struct { // ID is used to uniquely identify the firewall. It can be empty, // in which case it is assumed only a single mesh connection will // be using the firewall. ID string // NetNs is the network namespace to use for the firewall. // This is only applicable on Linux. NetNs string // DefaultPolicy is the default policy for the firewall. DefaultPolicy Policy // WireguardPort is the port to allow for wireguard traffic. WireguardPort uint16 // StoragePort is the port to allow for storage traffic. StoragePort uint16 // GRPCPort is the port to allow for grpc traffic. GRPCPort uint16 }
Options are options for configuring a firewall.
Click to show internal directories.
Click to hide internal directories.