Skip to content

Releases: RouteObjects/swift-cidr-admission

CIDRAdmission 0.1.0

Choose a tag to compare

@camunro camunro released this 23 Jun 17:43
0.1.0
fa3b244

CIDRAdmission 0.1.0

Initial public release of swift-cidr-admission.

CIDRAdmission is a framework-neutral admission-policy package for Swift. It turns external allow/deny CIDR configuration into a compiled IPAdmissionPolicy that can be evaluated against AnyIPAddress values from swift-cidr.

Highlights

  • Framework-neutral IP admission policy
  • External JSON allow/deny configuration
  • Deny-overrides-allow behavior for overlapping CIDR ranges
  • IPv4 and IPv6 support through swift-cidr
  • Immediate peer-address evaluation support for SwiftNIO-based servers through CIDRNIO
  • Vapor and Hummingbird documentation examples
  • Runnable nested SwiftNIO TCP echo server example
  • Benchmark package for measuring current policy lookup behavior

Example

import CIDR
import CIDRAdmission
import Foundation

enum ExampleError: Error {
    case invalidAddress
}

let configURL = URL(fileURLWithPath: "/etc/my-service/ip-admission.json")
let policy = try IPAdmissionPolicy(contentsOf: configURL)

guard let address = AnyIPAddress("10.0.5.12") else {
    throw ExampleError.invalidAddress
}

if policy.allows(address) {
    // Continue with the request or connection.
} else {
    // Reject the request or connection.
}

Important

CIDRAdmission is application-level admission control. Use firewall rules, cloud security groups, load balancer ACLs, pf, iptables, or nftables first. Use this package for service-owned policy, defense-in-depth, local deployments, or auditable last checks inside a Swift server process.