Feat linux firewall support (#805)

Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2026-04-18 16:26:38 +00:00 · 2023-05-29 18:00:18 +04:00
parent 2eb9a97fee
commit ba7a39a4fc
51 changed files with 4143 additions and 1013 deletions
--- a/management/proto/management.proto
+++ b/management/proto/management.proto
@@ -186,6 +186,9 @@ message NetworkMap {

  // RemotePeerConfig represents a list of remote peers that the receiver can connect to
  repeated RemotePeerConfig offlinePeers = 7;
+
+  // FirewallRule represents a list of firewall rules to be applied to peer
+  repeated FirewallRule FirewallRules = 8;
 }

 // RemotePeerConfig represents a configuration of a remote peer.
@@ -297,4 +300,29 @@ message NameServer {
  string IP = 1;
  int64  NSType = 2;
  int64  Port = 3;
-}
+}
+
+// FirewallRule represents a firewall rule
+message FirewallRule {
+  string PeerIP = 1;
+  direction Direction = 2;
+  action Action = 3;
+  protocol Protocol = 4;
+  string Port = 5;
+
+  enum direction {
+    IN = 0;
+    OUT = 1;
+  }
+  enum action {
+    ACCEPT = 0;
+    DROP = 1;
+  }
+  enum protocol {
+    UNKNOWN = 0;
+    ALL = 1;
+    TCP = 2;
+    UDP = 3;
+    ICMP = 4;
+  }
+}