mirror of
https://github.com/netbirdio/netbird.git
synced 2025-01-23 06:18:46 +01:00
c20f98c8b6
* ACL firewall manager fix/improvement Fix an issue with rule squashing: the calculation of the total number of IPs in the peer map was wrong (it didn't include offline peers), which is why squashing did not work. This commit also changes how rules are applied. Instead of the policy: 1. Apply all rules from the network map 2. Remove all previously applied rules, we now: 1. Apply only new rules 2. Remove outdated rules. The first variant was implemented because with a drop policy the order of the rules matters, so the previous state has to be cleaned completely before the new one is applied. But the release didn't include the drop policy, so we can make this improvement. * Print log message about processed ACL rules
package firewall
import (
"strconv"
)
// Protocol is the protocol a firewall rule port belongs to, stored as its
// lowercase name.
type Protocol string

// Known Protocol values.
const (
	// ProtocolTCP is the TCP protocol.
	ProtocolTCP Protocol = "tcp"

	// ProtocolUDP is the UDP protocol.
	ProtocolUDP Protocol = "udp"

	// ProtocolICMP is the ICMP protocol.
	ProtocolICMP Protocol = "icmp"

	// ProtocolALL covers all supported protocols.
	ProtocolALL Protocol = "all"

	// ProtocolUnknown stands for an unknown protocol.
	// NOTE(review): how callers treat this value is not visible in this file;
	// confirm that rule builders reject it rather than widening the match.
	ProtocolUnknown Protocol = "unknown"
)
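// Port is the port part of an address in a firewall rule.
//
// Nothing in this type validates Values; any check that the entries are
// usable port numbers has to happen elsewhere.
type Port struct {
	// IsRange is true when Values contains two values: the first is the
	// start port, the second is the end port.
	IsRange bool

	// Values contains one value for a single port, multiple values for a
	// list of ports, or two values for a range of ports.
	Values []int
}

// String implements fmt.Stringer. It returns Values as decimal numbers
// joined by commas, for example "80,443"; an empty Values yields "".
//
// IsRange is not consulted: a range {IsRange: true, Values: [80, 90]}
// renders as "80,90", exactly like a list of two ports. Check IsRange
// directly wherever the difference matters, such as log lines or any key
// derived from this string.
//
// A nil receiver returns "" instead of dereferencing a nil pointer.
func (p *Port) String() string {
	if p == nil {
		return ""
	}

	// Six bytes per entry covers a five-digit port plus its separator.
	buf := make([]byte, 0, len(p.Values)*6)
	for i, port := range p.Values {
		if i > 0 {
			buf = append(buf, ',')
		}
		buf = strconv.AppendInt(buf, int64(port), 10)
	}
	return string(buf)
}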