firewall

package v0.15.2

Warning: This package is not in the latest version of its module.
Published: Oct 29, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package firewall contains an interface for interacting with the system firewall.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DNATOptions

type DNATOptions struct {
	// Protocol is the protocol to apply the rule to.
	Protocol string
	// SrcPrefix is the source IP prefix to apply the rule to.
	SrcPrefix netip.Prefix
	// DstPrefix is the destination IP prefix to apply the rule to.
	// If left unset, masquerade will be used. Note that masquerade
	// will only work if the source knows to route the desired traffic
	// towards this router.
	DstPrefix netip.Prefix
	// PortRange is the port range to apply the rule to.
	PortRange *PortRange
}

DNATOptions are options for configuring a postrouting rule.

type Firewall

type Firewall interface {
	// AddWireguardForwarding should configure the firewall to allow forwarding traffic on the wireguard interface.
	AddWireguardForwarding(ctx context.Context, ifaceName string) error
	// AddMasquerade should configure the firewall to masquerade outbound traffic on the wireguard interface.
	AddMasquerade(ctx context.Context, ifaceName string) error
	// Clear should clear any changes made to the firewall.
	Clear(ctx context.Context) error
	// Close should close any resources used by the firewall. It should also perform a Clear.
	Close(ctx context.Context) error
}

Firewall is an interface for interacting with the necessary system firewall rules on a router.

func New

func New(ctx context.Context, opts *Options) (Firewall, error)

New returns a new firewall manager for the given options.

type Options

type Options struct {
	// ID is used to uniquely identify the firewall. It can be empty,
	// in which case it is assumed only a single mesh connection will
	// be using the firewall.
	ID string
	// NetNs is the network namespace to use for the firewall.
	// This is only applicable on Linux.
	NetNs string
	// DefaultPolicy is the default policy for the firewall.
	DefaultPolicy Policy
	// WireguardPort is the port to allow for wireguard traffic.
	WireguardPort uint16
	// StoragePort is the port to allow for storage traffic.
	StoragePort uint16
	// GRPCPort is the port to allow for grpc traffic.
	GRPCPort uint16
}

Options are options for configuring a firewall.
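Added example, not the package's own code: it reproduces the Policy, Options and Firewall types from this page and pairs them with a hypothetical in-memory backend (memFirewall, NewMem, ValidateOptions and ConfigureRouter are all assumptions, not package API) to show the contract a caller should rely on. The points worth checking before touching a real host are that PolicyDrop without an explicit WireguardPort cuts the node off from its own mesh, that Close must perform a Clear, and that AddWireguardForwarding and AddMasquerade belong together, so a failure half-way is rolled back rather than leaving forwarding enabled without NAT.

```go
package main

import (
	"context"
	"fmt"
)

// Types reproduced from the documented API; Options is trimmed to the fields used here.
type Policy string
const PolicyAccept Policy = "accept"
const PolicyDrop Policy = "drop"

type Options struct {
	ID            string
	DefaultPolicy Policy
	WireguardPort uint16
}

type Firewall interface {
	AddWireguardForwarding(ctx context.Context, ifaceName string) error
	AddMasquerade(ctx context.Context, ifaceName string) error
	Clear(ctx context.Context) error
	Close(ctx context.Context) error
}

// ValidateOptions is a hypothetical pre-flight check, not part of the package. Under
// PolicyDrop the mesh's own ports must be allowed explicitly, or the node cuts itself off.
func ValidateOptions(opts *Options) error {
	if opts.DefaultPolicy != PolicyAccept && opts.DefaultPolicy != PolicyDrop {
		return fmt.Errorf("unknown default policy %q", opts.DefaultPolicy)
	}
	if opts.DefaultPolicy == PolicyDrop && opts.WireguardPort == 0 {
		return fmt.Errorf("PolicyDrop requires a WireguardPort so the tunnel stays reachable")
	}
	return nil
}

// memFirewall is a hypothetical in-memory backend that records rules instead of programming the kernel.
type memFirewall struct {
	id             string
	rules          []string
	closed         bool
	FailMasquerade error // fault injection used to exercise the rollback path
}

func NewMem(opts *Options) (*memFirewall, error) {
	if err := ValidateOptions(opts); err != nil {
		return nil, err
	}
	return &memFirewall{id: opts.ID}, nil
}

func (f *memFirewall) add(kind, iface string) error {
	if f.closed || iface == "" {
		return fmt.Errorf("cannot add %s rule for %q: firewall closed or bad interface", kind, iface)
	}
	// Rules carry the ID so several meshes on one host never clobber each other.
	f.rules = append(f.rules, kind+":"+f.id+":"+iface)
	return nil
}

func (f *memFirewall) AddWireguardForwarding(ctx context.Context, iface string) error {
	return f.add("forward", iface)
}

func (f *memFirewall) AddMasquerade(ctx context.Context, iface string) error {
	if f.FailMasquerade != nil {
		return f.FailMasquerade
	}
	return f.add("masquerade", iface)
}

func (f *memFirewall) Clear(ctx context.Context) error { f.rules = nil; return nil }

// Close follows the documented contract: it performs a Clear and then rejects further use.
func (f *memFirewall) Close(ctx context.Context) error { f.closed = true; return f.Clear(ctx) }

// ConfigureRouter applies the two router rules as one unit: if masquerade fails after
// forwarding succeeded, Clear rolls forwarding back so the host never forwards without NAT.
func ConfigureRouter(ctx context.Context, fw Firewall, iface string) error {
	if err := fw.AddWireguardForwarding(ctx, iface); err != nil {
		return fmt.Errorf("forwarding: %w", err)
	}
	if err := fw.AddMasquerade(ctx, iface); err != nil {
		if cerr := fw.Clear(ctx); cerr != nil {
			return fmt.Errorf("masquerade: %w; rollback failed: %v", err, cerr)
		}
		return fmt.Errorf("masquerade: %w (forwarding rule rolled back)", err)
	}
	return nil
}

func main() {
	fw, err := NewMem(&Options{ID: "mesh-a", DefaultPolicy: PolicyDrop, WireguardPort: 51820})
	if err != nil {
		panic(err)
	}
	fmt.Println(ConfigureRouter(context.Background(), fw, "wg0"), fw.rules)
}
```

The package's own New returns the OS-specific implementation; NewMem stands in for it here only so the example runs without root privileges or a Linux network namespace. ConfigureRouter accepts the Firewall interface, so the same rollback wrapper works unchanged against the real implementation.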

type Policy

type Policy string

Policy is a firewall policy.

const (
	// PolicyAccept is the accept firewall policy.
	PolicyAccept Policy = "accept"
	// PolicyDrop is the drop firewall policy.
	PolicyDrop Policy = "drop"
)

type PortRange

type PortRange struct {
	// Start is the start of the port range.
	Start uint16
	// End is the end of the port range.
	End uint16
}

PortRange is a range of ports.
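Added example covering both DNATOptions and PortRange (not the package's own code; ValidateDNAT, UsesMasquerade and Matches are hypothetical helpers): it reproduces the two types and makes the field semantics concrete, including the documented fallback to masquerade when DstPrefix is left unset, the fact that a nil PortRange selects every port, and the inverted or mixed-family inputs a backend would otherwise accept silently.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Types reproduced from the documented API so the example runs stand-alone.
type PortRange struct {
	Start uint16
	End   uint16
}

type DNATOptions struct {
	Protocol  string
	SrcPrefix netip.Prefix
	DstPrefix netip.Prefix
	PortRange *PortRange
}

// ValidateDNAT is a hypothetical pre-flight check, not part of the package. It
// rejects combinations that would produce no rule or a rule wider than intended.
func ValidateDNAT(o DNATOptions) error {
	switch o.Protocol {
	case "tcp", "udp":
	default:
		return fmt.Errorf("unsupported protocol %q", o.Protocol)
	}
	if !o.SrcPrefix.IsValid() {
		return errors.New("SrcPrefix is required")
	}
	if o.DstPrefix.IsValid() && o.DstPrefix.Addr().Is4() != o.SrcPrefix.Addr().Is4() {
		return errors.New("SrcPrefix and DstPrefix must be the same address family")
	}
	if pr := o.PortRange; pr != nil {
		if pr.Start == 0 {
			return errors.New("port range must not start at 0")
		}
		if pr.End < pr.Start {
			return fmt.Errorf("inverted port range %d-%d", pr.Start, pr.End)
		}
	}
	return nil
}

// UsesMasquerade reports whether the rule falls back to masquerade, which the
// documentation says happens when DstPrefix is left unset (the zero Prefix).
func UsesMasquerade(o DNATOptions) bool { return !o.DstPrefix.IsValid() }

// Matches is a hypothetical matcher showing what the rule selects: the protocol
// must match, the source must fall inside SrcPrefix, and a nil PortRange means
// every destination port.
func Matches(o DNATOptions, proto string, src netip.Addr, dstPort uint16) bool {
	if proto != o.Protocol || !o.SrcPrefix.Contains(src) {
		return false
	}
	if o.PortRange == nil {
		return true
	}
	return dstPort >= o.PortRange.Start && dstPort <= o.PortRange.End
}

func main() {
	// Constructed sample rule: tcp from 10.42.0.0/24 to ports 8000-8100, masqueraded.
	rule := DNATOptions{
		Protocol:  "tcp",
		SrcPrefix: netip.MustParsePrefix("10.42.0.0/24"),
		PortRange: &PortRange{Start: 8000, End: 8100},
	}
	fmt.Println(ValidateDNAT(rule), UsesMasquerade(rule))
	fmt.Println(Matches(rule, "tcp", netip.MustParseAddr("10.42.0.7"), 8080))
	fmt.Println(Matches(rule, "udp", netip.MustParseAddr("10.42.0.7"), 8080))
}
```

Prefix.Contains already refuses to match an IPv4 address against an IPv6 prefix (and a v4-mapped address against an IPv4 prefix), which is why the family check in ValidateDNAT only needs to compare SrcPrefix with DstPrefix.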
