add an incoming firewall rule for each routing pair; the pair for the incoming rule has inverted source and destination
package routemanager
import (
"context"
"fmt"
"github.com/coreos/go-iptables/iptables"
log "github.com/sirupsen/logrus"
)
import "github.com/google/nftables"
// Names the route manager uses for its forwarding and NAT entries, one per
// IP family. Presumably these are the chain names created by the
// iptables/nftables managers — confirm in the manager implementations.
const (
	ipv6Forwarding = "netbird-rt-ipv6-forwarding"
	ipv4Forwarding = "netbird-rt-ipv4-forwarding"
	ipv6Nat        = "netbird-rt-ipv6-nat"
	ipv4Nat        = "netbird-rt-ipv4-nat"
)

// Rule-key formats expanded by genKey; each carries exactly one %s
// placeholder. The "in" variants key the rules for the inverted
// (destination-to-source) direction produced by getInPair.
const (
	natFormat          = "netbird-nat-%s"
	forwardingFormat   = "netbird-fwd-%s"
	inNatFormat        = "netbird-nat-in-%s"
	inForwardingFormat = "netbird-fwd-in-%s"
)

// IP family tags.
const (
	ipv6 = "ipv6"
	ipv4 = "ipv4"
)
// genKey expands format with input via fmt.Sprintf. It is meant for the
// *Format constants above, each of which carries a single %s placeholder;
// the format is never taken from untrusted input.
func genKey(format, input string) string {
	key := fmt.Sprintf(format, input)
	return key
}
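// NewFirewall returns the firewall manager for this host: an iptables-backed
// manager when iptables is supported, otherwise an nftables-backed one.
// Both managers get a child context of parentCTX and keep its cancel func
// as stop; the rule/chain maps are created here so the managers never write
// to a nil map.
func NewFirewall(parentCTX context.Context) firewallManager {
	ctx, cancel := context.WithCancel(parentCTX)

	if isIptablesSupported() {
		log.Debugf("iptables is supported")
		ipv4Client, err4 := iptables.NewWithProtocol(iptables.ProtocolIPv4)
		ipv6Client, err6 := iptables.NewWithProtocol(iptables.ProtocolIPv6)
		if err4 == nil && err6 == nil {
			return &iptablesManager{
				ctx:        ctx,
				stop:       cancel,
				ipv4Client: ipv4Client,
				ipv6Client: ipv6Client,
				rules:      make(map[string]map[string][]string),
			}
		}
		// A client whose constructor failed is nil; handing it to the manager
		// would most likely surface only as a nil-pointer panic on the first
		// rule change, so fall back to nftables rather than return a
		// half-initialised manager.
		log.Warnf("iptables client initialisation failed (ipv4: %v, ipv6: %v), using nftables", err4, err6)
	} else {
		log.Debugf("iptables is not supported, using nftables")
	}

	return &nftablesManager{
		ctx:    ctx,
		stop:   cancel,
		conn:   &nftables.Conn{},
		chains: make(map[string]map[string]*nftables.Chain),
		rules:  make(map[string]*nftables.Rule),
	}
}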
// getInPair derives the inbound counterpart of pair: same ID and masquerade
// flag, with source and destination swapped so that the return-direction
// rule matches traffic flowing back towards the original source. Only these
// four fields are copied.
func getInPair(pair routerPair) routerPair {
	inverted := routerPair{
		ID:         pair.ID,
		masquerade: pair.masquerade,
	}
	// invert source/destination
	inverted.source = pair.destination
	inverted.destination = pair.source
	return inverted
}