Releases: RouteObjects/swift-cidr-admission
Releases · RouteObjects/swift-cidr-admission
Release list
CIDRAdmission 0.1.0
CIDRAdmission 0.1.0
Initial public release of swift-cidr-admission.
CIDRAdmission is a framework-neutral admission-policy package for Swift. It turns external allow/deny CIDR configuration into a compiled IPAdmissionPolicy that can be evaluated against AnyIPAddress values from swift-cidr.
Highlights
- Framework-neutral IP admission policy
- External JSON allow/deny configuration
- Deny-overrides-allow behavior for overlapping CIDR ranges
- IPv4 and IPv6 support through
swift-cidr - Immediate peer-address evaluation support for SwiftNIO-based servers through
CIDRNIO - Vapor and Hummingbird documentation examples
- Runnable nested SwiftNIO TCP echo server example
- Benchmark package for measuring current policy lookup behavior
Example
import CIDR
import CIDRAdmission
import Foundation
enum ExampleError: Error {
case invalidAddress
}
let configURL = URL(fileURLWithPath: "/etc/my-service/ip-admission.json")
let policy = try IPAdmissionPolicy(contentsOf: configURL)
guard let address = AnyIPAddress("10.0.5.12") else {
throw ExampleError.invalidAddress
}
if policy.allows(address) {
// Continue with the request or connection.
} else {
// Reject the request or connection.
}Important
CIDRAdmission is application-level admission control. Use firewall rules, cloud security groups, load balancer ACLs, pf, iptables, or nftables first. Use this package for service-owned policy, defense-in-depth, local deployments, or auditable last checks inside a Swift server process.