package firewall
import (
	"fmt"

	"github.com/gravitl/netmaker/logger"
	"github.com/gravitl/netmaker/models"
)
// fwCrtl is the package-wide firewall controller. It is assigned by Init and
// holds the interface zero value (nil) until Init has run successfully past
// newFirewall.
var (
	fwCrtl firewallController
)
// rulesCfg is the value stored for one key of a ruletable: a set of rules
// grouped under string keys plus an address-family flag.
type rulesCfg struct {
	// isIpv4 presumably marks whether the rules in rulesMap are IPv4 rules
	// rather than IPv6 — confirm against the controller implementations.
	isIpv4 bool
	// rulesMap groups rules under a string key. NOTE(review): the meaning of
	// the key (peer key? destination?) is not visible here — confirm against callers.
	rulesMap map[string][]ruleInfo
}
// ruleInfo describes a single firewall rule together with the table and chain
// it was placed in, presumably so the rule can be located and removed later.
type ruleInfo struct {
	// rule is the rule expressed as a list of string arguments — looks like an
	// iptables-style argument vector; confirm against the controller.
	rule []string
	// nfRule is an opaque backend-specific rule object; the name suggests an
	// nftables representation — confirm against the controller.
	nfRule any
	// table and chain name the firewall table and chain the rule belongs to.
	table string
	chain string
}
// ruletable maps a string key to the rulesCfg recorded for it. It is the unit
// FetchRuleTable returns and SaveRules stores for a given server and table name.
type ruletable map[string]rulesCfg
// serverrulestable maps a server to that server's ruletable; presumably keyed
// by the same server string the firewallController methods take — confirm
// against callers.
type serverrulestable map[string]ruletable
// Names of the two rule tables. NOTE(review): these look like the
// tableName/ruleTableName values passed to firewallController methods —
// confirm against callers.
const (
	ingressTable = "ingress"
	egressTable  = "egress"
)
// firewallController is the backend Init drives. A single implementation,
// produced by newFirewall, is held in the package variable fwCrtl.
type firewallController interface {
	// CreateChains creates the netmaker firewall chains and the jump rules into them.
	CreateChains() error
	// ForwardRule inserts the forwarding rules.
	ForwardRule() error
	// InsertEgressRoutingRules adds the egress routing rules for the egress
	// gateway described by egressInfo, under the given server.
	InsertEgressRoutingRules(server string, egressInfo models.EgressInfo) error
	// RemoveRoutingRules removes all routing firewall rules of the peer
	// identified by peerKey from the named table of the given server.
	// tableName is presumably one of ingressTable or egressTable — confirm
	// against callers.
	RemoveRoutingRules(server, tableName, peerKey string) error
	// DeleteRoutingRule removes the rules related to a peer, identified by the
	// srcPeer/dstPeer pair, from the named table of the given server.
	DeleteRoutingRule(server, tableName, srcPeer, dstPeer string) error
	// CleanRoutingRules cleans the firewall set of containers related to a server.
	// NOTE(review): no error is returned, so a failed clean-up cannot be
	// reported to the caller and stale rules may remain unnoticed — confirm
	// how implementations handle failure.
	CleanRoutingRules(server, tableName string)
	// FetchRuleTable fetches the current state of the named rule table for the
	// given server from the controller.
	FetchRuleTable(server, ruleTableName string) ruletable
	// DeleteRuleTable deletes the entire named rule table of the given server.
	// NOTE(review): returns no error; see CleanRoutingRules.
	DeleteRuleTable(server, ruleTableName string)
	// SaveRules saves ruleTable under the given server and table name.
	SaveRules(server, ruleTableName string, ruleTable ruletable)
	// FlushAll clears all rules from the netmaker chains and deletes the chains.
	// Init hands this method back to its caller as the close func.
	FlushAll()
}
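// Init initialises the package-level firewall controller: it constructs the
// backend via newFirewall, creates the netmaker chains and jump rules, and
// inserts the forwarding rules.
//
// It returns a close func that flushes every rule and chain the controller
// created, and the first error encountered, wrapped with the stage that
// failed. The close func is returned even on error so the caller can undo a
// partially completed bring-up; when newFirewall itself fails there is
// nothing to undo and a no-op func is returned instead.
func Init() (func(), error) {
	logger.Log(0, "Starting firewall...")

	var err error
	// The controller is stored in the package variable before the remaining
	// steps run, so the returned FlushAll is bound to the constructed
	// controller even when a later step fails.
	fwCrtl, err = newFirewall()
	if err != nil {
		// No controller exists yet, so there is nothing to flush.
		return func() {}, fmt.Errorf("creating firewall controller: %w", err)
	}
	// Each stage is wrapped with what it was doing so the caller can tell
	// where bring-up stopped; %w keeps errors.Is/errors.As usable.
	if err := fwCrtl.CreateChains(); err != nil {
		return fwCrtl.FlushAll, fmt.Errorf("creating firewall chains: %w", err)
	}
	if err := fwCrtl.ForwardRule(); err != nil {
		return fwCrtl.FlushAll, fmt.Errorf("inserting forward rules: %w", err)
	}
	return fwCrtl.FlushAll, nil
}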