extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-09 07:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimize ACL performance (#994)

Browse Source 
* Optimize rules with All groups

* Use IP sets in ACLs (nftables implementation)

* Fix squash rule when we receive optimized rules list from management
This commit is contained in:
Givi Khojanashvili
2023-07-18 13:12:50 +04:00
committed by GitHub
parent 7ebe58f20a
commit e69ec6ab6a
15 changed files with 727 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
client/firewall/iptables/manager_linux.go
View File

@ -92,6 +92,7 @@ func (m *Manager) AddFiltering(
dPort *fw.Port,
direction fw.RuleDirection,
action fw.Action,
ipsetName string,
comment string,
) (fw.Rule, error) {
m.mutex.Lock()
@ -202,6 +203,9 @@ func (m *Manager) Reset() error {
return nil
}
// Flush doesn't need to be implemented for this manager
func (m *Manager) Flush() error { return nil }
// reset firewall chain, clear it and drop it
func (m *Manager) reset(client *iptables.IPTables, table string) error {
ok, err := client.ChainExists(table, ChainInputFilterName)