firewall

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 5, 2026 License: MIT Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BlockType

// BlockType tags a ban rule with the kind of address it holds. It is the type
// of Rule.Type and is serialized under the JSON key "type".
//
// The zero value is BlockTypeSingle, so a Rule whose Type was never set (for
// example one decoded from JSON without a "type" key) carries BlockTypeSingle.
type BlockType uint8
const (
	// BlockTypeSingle (0): going by the name, a rule for one IP address.
	// NOTE(review): semantics are not documented on this page; confirm.
	BlockTypeSingle BlockType = 0
	// BlockTypeCIDR (1): going by the name, a rule for a CIDR range.
	// NOTE(review): semantics are not documented on this page; confirm.
	BlockTypeCIDR   BlockType = 1
)

type Config

// Config is the argument passed to New. The page does not say which fields are
// required or whether nil pointers are tolerated; check before leaving any
// field unset.
type Config struct {
	// Firewall is the firewall configuration; its type is declared in package
	// alaye and its fields are not shown on this page.
	Firewall       *alaye.Firewall
	// TrustedProxies presumably lists the proxies whose forwarded-client-address
	// headers are honoured when resolving the client IP; confirm, and confirm
	// the accepted entry format (single IP vs CIDR).
	// NOTE(review): if that reading is right, every entry is a peer allowed to
	// assert the address that bans and rate limits are keyed on, so the list
	// should contain only proxies the operator controls.
	TrustedProxies []string
	// DataDir is presumably the folder backing the persistent ban store
	// (NewStore takes the same expect.Folder type); confirm.
	DataDir        expect.Folder
	// Logger is the logger handed to the engine.
	Logger         *ll.Logger
	// IPMgr: purpose not documented on this page. TODO: confirm against
	// package zulu.
	IPMgr          *zulu.IPManager
	// SharedState presumably backs the "distributed dynamic thresholds" that
	// New's documentation mentions; confirm.
	SharedState    woos.SharedState
	// BotChecker presumably produces the verdict surfaced as Inspector.IsBot;
	// confirm.
	BotChecker     *bot.Checker
}

type Counters

type Counters struct {
	// contains filtered or unexported fields
}

func NewCounters

func NewCounters() *Counters

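NewCounters initializes the rate-limit tracking map and its background garbage collector. It keeps memory usage bounded by periodically sweeping expired records. Call Stop to terminate the background cleanup when the Counters is no longer needed.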

func (*Counters) Increment

func (c *Counters) Increment(ruleID, key string, window time.Duration) int64

Increment safely adds to the key counter using a lock-free compare-and-swap loop. It automatically evicts expired timestamps and begins a new rate-limit window.

func (*Counters) Stop

func (c *Counters) Stop()

Stop safely terminates the background cleanup scheduler. It clears all map data to prevent memory leaks during hot reloads.

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

func New

func New(cfg Config) (*Engine, error)

New establishes deep packet inspection rules for perimeter security. It orchestrates whitelists, persistent local bans, and distributed dynamic thresholds.

func (*Engine) Block

func (e *Engine) Block(ip, reason string, duration time.Duration) error

Block adds an IP to the persistent ban store with a reason and expiry duration.

func (*Engine) ClearStore

func (e *Engine) ClearStore() error

ClearStore removes all ban rules from the persistent store.

func (*Engine) Close

func (e *Engine) Close() error

func (*Engine) Handler

func (e *Engine) Handler(next http.Handler, contextRoute *alaye.FirewallRoute) http.Handler

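Handler actively checks every packet traversing the mesh configuration boundaries. It applies immediate dropping or payload capturing, depending on rule expressions. Note that, per its signature, Handler wraps an http.Handler: what it inspects is each HTTP request routed through the returned handler, not raw network packets, so traffic that does not pass through this middleware is not checked by it.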

func (*Engine) List

func (e *Engine) List() ([]Rule, error)

List returns all active ban rules from the persistent store.

func (*Engine) PruneStore

func (e *Engine) PruneStore() (int, error)

PruneStore removes expired ban rules from the persistent store.

func (*Engine) Unblock

func (e *Engine) Unblock(ip string) error

Unblock removes an IP from the persistent ban store.

type Inspector

// Inspector groups an HTTP request with data derived from it. The page carries
// no doc comment for this type, so the field notes below are hedged.
type Inspector struct {
	// Req is the HTTP request being inspected.
	Req      *http.Request
	// Body holds request body bytes, presumably a buffered copy; confirm.
	// NOTE(review): confirm the buffering is size-capped; an uncapped copy of
	// the request body would allow memory exhaustion by large requests.
	Body     []byte
	// IP is the client address as a string.
	// NOTE(review): the page does not say whether this is the direct peer
	// address or one taken from a forwarded header; confirm how it interacts
	// with Config.TrustedProxies.
	IP       string
	// ParsedIP is presumably IP parsed into a net.IP; confirm.
	ParsedIP net.IP
	// IsBot is presumably the result of the configured bot check; confirm.
	IsBot    bool
	// Logger is the logger available during inspection.
	Logger   *ll.Logger
}

type Rule

// Rule is one ban entry as returned by Engine.List and accepted by Store.Add.
// The struct tags fix the JSON field names used when a rule is serialized.
type Rule struct {
	// IP is the banned address as a string; presumably a CIDR string when Type
	// is BlockTypeCIDR. Confirm.
	IP        string    `json:"ip"`
	// Type is the BlockType of the rule; its zero value is BlockTypeSingle.
	Type      BlockType `json:"type"`
	// Reason is optional and is omitted from the JSON output when empty.
	Reason    string    `json:"reason,omitempty"`
	// CreatedAt is the rule's creation timestamp.
	CreatedAt time.Time `json:"created_at"`
	// ExpiresAt is the expiry time checked by IsExpired; a zero ExpiresAt means
	// the rule never expires. A rule decoded from JSON that lacks "expires_at"
	// therefore has a zero ExpiresAt and is permanent.
	// NOTE(review): confirm whether Engine.Block with a zero duration produces
	// a zero ExpiresAt (a permanent ban).
	ExpiresAt time.Time `json:"expires_at"`
}

func (*Rule) IsExpired

func (r *Rule) IsExpired() bool

IsExpired reports whether the ban rule has passed its expiry time. Rules with a zero ExpiresAt never expire.

type RuleIterator

// RuleIterator is the callback type accepted by Store.IterateActive; each call
// receives one Rule.
// NOTE(review): the meaning of the bool result is not documented on this page;
// presumably returning false stops the iteration. Confirm.
type RuleIterator func(Rule) bool

type Store

type Store struct {
	// contains filtered or unexported fields
}

func NewStore

func NewStore(dataDir expect.Folder, logger *ll.Logger) (*Store, error)

func (*Store) Add

func (s *Store) Add(r Rule) error

func (*Store) Clear

func (s *Store) Clear() error

func (*Store) Close

func (s *Store) Close() error

Close shuts down the persist loop and closes the database. Safe to call multiple times; subsequent calls are no-ops.

func (*Store) GetBan

func (s *Store) GetBan(ip string) (*Rule, error)

func (*Store) IterateActive

func (s *Store) IterateActive(iter RuleIterator) error

func (*Store) LoadAll

func (s *Store) LoadAll() ([]Rule, error)

func (*Store) PruneExpired

func (s *Store) PruneExpired() (int, error)

func (*Store) Remove

func (s *Store) Remove(ip string) error

func (*Store) Sync

func (s *Store) Sync() error

Sync blocks until all pending write operations are persisted to disk.
