netbird/client/internal/routemanager/firewall_linux.go

//go:build !android

package routemanager

import (
	"context"
	"fmt"

	log "github.com/sirupsen/logrus"
)

const (
	ipv6Forwarding     = "netbird-rt-ipv6-forwarding"
	ipv4Forwarding     = "netbird-rt-ipv4-forwarding"
	ipv6Nat            = "netbird-rt-ipv6-nat"
	ipv4Nat            = "netbird-rt-ipv4-nat"
	natFormat          = "netbird-nat-%s"
	forwardingFormat   = "netbird-fwd-%s"
	inNatFormat        = "netbird-nat-in-%s"
	inForwardingFormat = "netbird-fwd-in-%s"
	ipv6               = "ipv6"
	ipv4               = "ipv4"
)

func genKey(format string, input string) string {
	return fmt.Sprintf(format, input)
}

// NewFirewall if supported, returns an iptables manager, otherwise returns a nftables manager
func NewFirewall(parentCTX context.Context) firewallManager {
	manager, err := newNFTablesManager(parentCTX)
	if err == nil {
		log.Debugf("nftables firewall manager will be used")
		return manager
	}
	log.Debugf("fallback to iptables firewall manager: %s", err)
	return newIptablesManager(parentCTX)
}

func getInPair(pair routerPair) routerPair {
	return routerPair{
		ID: pair.ID,
		// invert source/destination
		source:      pair.destination,
		destination: pair.source,
		masquerade:  pair.masquerade,
	}
}
Add route management for Android interface (#801) Support client route management feature on Android 2023-04-17 11:15:37 +02:00			`//go:build !android`

Add routing peer support (#441) Handle routes updates from management Manage routing firewall rules Manage peer RIB table Add get peer and get notification channel from the status recorder Update interface peers allowed IPs 2022-09-05 09:06:35 +02:00			`package routemanager`

			`import (`
			`"context"`
			`"fmt"`
Add route management for Android interface (#801) Support client route management feature on Android 2023-04-17 11:15:37 +02:00
Add routing peer support (#441) Handle routes updates from management Manage routing firewall rules Manage peer RIB table Add get peer and get notification channel from the status recorder Update interface peers allowed IPs 2022-09-05 09:06:35 +02:00			`log "github.com/sirupsen/logrus"`
			`)`

			`const (`
Add incoming routing rules (#486) add an income firewall rule for each routing pair the pair for the income rule has inverted source and destination 2022-09-30 11:39:15 +02:00			`ipv6Forwarding = "netbird-rt-ipv6-forwarding"`
			`ipv4Forwarding = "netbird-rt-ipv4-forwarding"`
			`ipv6Nat = "netbird-rt-ipv6-nat"`
			`ipv4Nat = "netbird-rt-ipv4-nat"`
			`natFormat = "netbird-nat-%s"`
			`forwardingFormat = "netbird-fwd-%s"`
			`inNatFormat = "netbird-nat-in-%s"`
			`inForwardingFormat = "netbird-fwd-in-%s"`
			`ipv6 = "ipv6"`
			`ipv4 = "ipv4"`
Add routing peer support (#441) Handle routes updates from management Manage routing firewall rules Manage peer RIB table Add get peer and get notification channel from the status recorder Update interface peers allowed IPs 2022-09-05 09:06:35 +02:00			`)`

			`func genKey(format string, input string) string {`
			`return fmt.Sprintf(format, input)`
			`}`

			`// NewFirewall if supported, returns an iptables manager, otherwise returns a nftables manager`
			`func NewFirewall(parentCTX context.Context) firewallManager {`
Sync the iptables/nftables usage with acl logic (#1017) 2023-07-19 19:10:27 +02:00			`manager, err := newNFTablesManager(parentCTX)`
			`if err == nil {`
			`log.Debugf("nftables firewall manager will be used")`
			`return manager`
Add routing peer support (#441) Handle routes updates from management Manage routing firewall rules Manage peer RIB table Add get peer and get notification channel from the status recorder Update interface peers allowed IPs 2022-09-05 09:06:35 +02:00			`}`
Sync the iptables/nftables usage with acl logic (#1017) 2023-07-19 19:10:27 +02:00			`log.Debugf("fallback to iptables firewall manager: %s", err)`
			`return newIptablesManager(parentCTX)`
FIx error on ip6tables not available (#999) * adding check operation to confirm if iptables is available linter * linter 2023-07-14 20:44:35 +02:00			`}`

Add incoming routing rules (#486) add an income firewall rule for each routing pair the pair for the income rule has inverted source and destination 2022-09-30 11:39:15 +02:00			`func getInPair(pair routerPair) routerPair {`
			`return routerPair{`
			`ID: pair.ID,`
			`// invert source/destination`
			`source: pair.destination,`
			`destination: pair.source,`
			`masquerade: pair.masquerade,`
			`}`
			`}`