Refactor protocol handling for firewall rules, add engine tests
@@ -54,6 +54,7 @@ func Create() (*Manager, error) {
|
||||
// If comment is empty rule ID is used as comment
|
||||
func (m *Manager) AddFiltering(
|
||||
ip net.IP,
|
||||
protocol fw.Protocol,
|
||||
port *fw.Port,
|
||||
direction fw.Direction,
|
||||
action fw.Action,
|
||||
@@ -74,27 +75,27 @@ func (m *Manager) AddFiltering(
|
||||
}
|
||||
}
|
||||
|
||||
var portValue, protocolValue string
|
||||
var portValue string
|
||||
if port != nil && port.Values != nil {
|
||||
// TODO: we support only one port per rule in current implementation of ACLs
|
||||
portValue = strconv.Itoa(port.Values[0])
|
||||
switch port.Proto {
|
||||
case fw.PortProtocolTCP:
|
||||
protocolValue = "tcp"
|
||||
case fw.PortProtocolUDP:
|
||||
protocolValue = "udp"
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported protocol: %s", port.Proto)
|
||||
}
|
||||
}
|
||||
|
||||
ruleID := uuid.New().String()
|
||||
if comment == "" {
|
||||
comment = ruleID
|
||||
}
|
||||
|
||||
specs := m.filterRuleSpecs(
|
||||
"filter", ChainFilterName, ip, protocolValue,
|
||||
portValue, direction, action, comment)
|
||||
"filter",
|
||||
ChainFilterName,
|
||||
ip,
|
||||
string(protocol),
|
||||
portValue,
|
||||
direction,
|
||||
action,
|
||||
comment,
|
||||
)
|
||||
if err := client.AppendUnique("filter", ChainFilterName, specs...); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
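Review bot: The rewritten `filterRuleSpecs` call passes `string(protocol)` straight through, and the `switch` with its `default:` branch was the only place in this hunk that rejected an unsupported protocol with an error. Unless `filterRuleSpecs` (not visible here) validates the value, an empty or unexpected `fw.Protocol` now reaches the rule spec handed to `client.AppendUnique`, and a port combined with a protocol that has no ports is presumably caught only when the append fails. I would keep an explicit check ahead of `ruleID := uuid.New().String()` that returns `fmt.Errorf("unsupported protocol: %s", protocol)` for any value outside the set the `fw` package defines. Separately, `port.Values != nil` still lets an empty, non-nil slice reach `port.Values[0]`; `if port != nil && len(port.Values) > 0 {` avoids that panic. `AddFiltering` starts and ends outside the visible hunks.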