#![allow(clippy::redundant_closure)]
use ic_protobuf::registry::firewall::v1::FirewallRule;
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
#[cfg(test)]
use proptest::prelude::{any, Strategy};
#[cfg(test)]
use proptest_derive::Arbitrary;
/// Placeholder path that `Config::default()` uses for `config_file`.
///
/// This path is not used in practice: a deployment must override it, and the
/// code should panic if it is ever actually used.
pub const FIREWALL_FILE_DEFAULT_PATH: &str = "/This/must/not/be/a/real/path";
/// Firewall configuration for a node.
///
/// Field names are serialized in `snake_case`. The [`Default`] value is a
/// placeholder (empty templates, no rules or ports, a connection limit of 0,
/// and a deliberately invalid `config_file`) and must be overridden by a real
/// deployment before it is usable.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[cfg_attr(test, derive(Arbitrary))]
pub struct Config {
    /// Path to use for storing state on the file system.
    // Under proptest an arbitrary `String` is mapped straight into the `PathBuf`.
    #[cfg_attr(
        test,
        proptest(strategy = "any::<String>().prop_map(|x| PathBuf::from(x))")
    )]
    pub config_file: PathBuf,
    /// Template text for the firewall file; how this and the rule templates
    /// below are expanded is not defined in this file.
    pub file_template: String,
    /// Rule template for IPv4 TCP rules.
    pub ipv4_tcp_rule_template: String,
    /// Rule template for IPv6 TCP rules.
    pub ipv6_tcp_rule_template: String,
    /// Rule template for IPv4 UDP rules.
    pub ipv4_udp_rule_template: String,
    /// Rule template for IPv6 UDP rules.
    pub ipv6_udp_rule_template: String,
    /// Rule template for user-defined IPv4 output rules.
    pub ipv4_user_output_rule_template: String,
    /// Rule template for user-defined IPv6 output rules.
    pub ipv6_user_output_rule_template: String,
    /// Rules carried by the configuration itself, as registry `FirewallRule`s.
    // Under proptest this is always empty: the generated `String` is discarded
    // (presumably because `FirewallRule` has no proptest strategy here — not verified).
    #[cfg_attr(test, proptest(strategy = "any::<String>().prop_map(|_x| vec![])"))]
    pub default_rules: Vec<FirewallRule>,
    /// TCP ports that the node whitelists for other nodes in the subnet.
    pub tcp_ports_for_node_whitelist: Vec<u32>,
    /// UDP ports that the node whitelists for other nodes in the subnet.
    pub udp_ports_for_node_whitelist: Vec<u32>,
    /// Ports to block for the HTTP adapter; enforcement lives outside this file.
    pub ports_for_http_adapter_blacklist: Vec<u32>,
    /// We allow a maximum of `max_simultaneous_connections_per_ip_address` persistent connections to any IP address.
    /// Any IP address that already has `max_simultaneous_connections_per_ip_address` connections will be dropped if a new connection is attempted.
    // NOTE(review): `Config::default()` sets this to 0. Whether 0 means "no limit" or
    // "refuse every connection" is decided by the consuming code, not here — confirm
    // before relying on the default value in a deployment.
    pub max_simultaneous_connections_per_ip_address: u32,
}
impl Default for Config {
    /// Placeholder configuration: every template is empty, no rules or ports
    /// are listed, the per-IP connection limit is 0, and `config_file` points
    /// at [`FIREWALL_FILE_DEFAULT_PATH`], which is deliberately not a real path.
    fn default() -> Self {
        // All template fields start out as the empty string.
        let empty = String::new;
        Config {
            config_file: PathBuf::from(FIREWALL_FILE_DEFAULT_PATH),
            file_template: empty(),
            ipv4_tcp_rule_template: empty(),
            ipv6_tcp_rule_template: empty(),
            ipv4_udp_rule_template: empty(),
            ipv6_udp_rule_template: empty(),
            ipv4_user_output_rule_template: empty(),
            ipv6_user_output_rule_template: empty(),
            default_rules: Vec::new(),
            tcp_ports_for_node_whitelist: Vec::new(),
            udp_ports_for_node_whitelist: Vec::new(),
            ports_for_http_adapter_blacklist: Vec::new(),
            max_simultaneous_connections_per_ip_address: 0,
        }
    }
}