Documentation
Overview
Package firewall contains an interface for interacting with the system firewall.
Types
type DNATOptions
type DNATOptions struct {
	// Protocol is the protocol to apply the rule to.
	Protocol string
	// SrcPrefix is the source IP prefix to apply the rule to.
	SrcPrefix netip.Prefix
	// DstPrefix is the destination IP prefix to apply the rule to.
	// If left unset, masquerade will be used. Note that masquerade
	// will only work if the source knows to route desired traffic
	// towards this router.
	DstPrefix netip.Prefix
	// PortRange is the port range to apply the rule to.
	PortRange *PortRange
}
DNATOptions are options for configuring a postrouting rule.
type Firewall
type Firewall interface {
	// AddWireguardForwarding should configure the firewall to allow forwarding traffic on the wireguard interface.
	AddWireguardForwarding(ctx context.Context, ifaceName string) error
	// AddMasquerade should configure the firewall to masquerade outbound traffic on the wireguard interface.
	AddMasquerade(ctx context.Context, ifaceName string) error
	// Clear should clear any changes made to the firewall.
	Clear(ctx context.Context) error
	// Close should close any resources used by the firewall. It should also perform a Clear.
	Close(ctx context.Context) error
}
Firewall is an interface for interacting with the necessary system firewall rules on a router.
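The contract in the interface comments (Close also performs a Clear) matters most on error paths, where forwarding and masquerade rules must not outlive the connection that needed them. The following is an added example, not code from this package: memFirewall and runRouted are hypothetical names, the interface is copied locally so the block compiles alone, and "wg0" is a constructed interface name.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)
// Firewall is a local copy of the interface documented above (comments omitted).
type Firewall interface {
	AddWireguardForwarding(ctx context.Context, ifaceName string) error
	AddMasquerade(ctx context.Context, ifaceName string) error
	Clear(ctx context.Context) error
	Close(ctx context.Context) error
}
// memFirewall is a hypothetical in-memory Firewall for tests; it touches no system state.
type memFirewall struct {
	rules  []string
	closed bool
}

func (m *memFirewall) add(rule string) error {
	if m.closed {
		return errors.New("firewall is closed")
	}
	m.rules = append(m.rules, rule)
	return nil
}
func (m *memFirewall) AddWireguardForwarding(_ context.Context, i string) error { return m.add("forward " + i) }
func (m *memFirewall) AddMasquerade(_ context.Context, i string) error { return m.add("masquerade " + i) }
func (m *memFirewall) Clear(context.Context) error { m.rules = nil; return nil }
// Close also performs a Clear, as the interface comment requires.
func (m *memFirewall) Close(ctx context.Context) error { m.closed = true; return m.Clear(ctx) }

// runRouted (hypothetical helper) installs both rules, runs fn, and always closes fw,
// so a failure in fn or in rule setup cannot leave rules behind.
func runRouted(ctx context.Context, fw Firewall, iface string, fn func() error) (err error) {
	defer func() { err = errors.Join(err, fw.Close(ctx)) }()
	if err = fw.AddWireguardForwarding(ctx, iface); err != nil {
		return err
	}
	if err = fw.AddMasquerade(ctx, iface); err != nil {
		return err
	}
	return fn()
}
func main() {
	fw := &memFirewall{}
	err := runRouted(context.Background(), fw, "wg0", func() error { return errors.New("tunnel failed") })
	fmt.Println(err, len(fw.rules), fw.closed)
}
```

A test double like this lets callers assert that cleanup happened without needing root or a real network namespace.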
type Options
type Options struct {
	// ID is used to uniquely identify the firewall. It can be empty,
	// in which case it is assumed only a single mesh connection will
	// be using the firewall.
	ID string
	// NetNs is the network namespace to use for the firewall.
	// This is only applicable on Linux.
	NetNs string
	// DefaultPolicy is the default policy for the firewall.
	DefaultPolicy Policy
	// WireguardPort is the port to allow for wireguard traffic.
	WireguardPort uint16
	// StoragePort is the port to allow for storage traffic.
	StoragePort uint16
	// GRPCPort is the port to allow for grpc traffic.
	GRPCPort uint16
}
Options are options for configuring a firewall.