Documentation
Overview
Package ipfilter provides IP-based allow/deny filtering for network listeners.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Denial
type Denial struct {
	// contains filtered or unexported fields
}
Denial describes the outcome of an IP filter check. A zero-value Denial means the address was allowed.
type DenialInfo
type DenialInfo struct {
	// contains filtered or unexported fields
}
DenialInfo tracks per-reason denial counts for display in agent status. It implements the InfoProvider interface from pkg/logs/status/utils.
func NewDenialInfo
func NewDenialInfo() *DenialInfo
NewDenialInfo creates a new DenialInfo instance.
func (*DenialInfo) Info
func (d *DenialInfo) Info() []string
Info returns denial statistics as a sorted list of strings.
func (*DenialInfo) InfoKey
func (d *DenialInfo) InfoKey() string
InfoKey returns the label used in agent status output.
func (*DenialInfo) Record
func (d *DenialInfo) Record(reason string)
Record increments the counter for the given denial reason.
type Filter
type Filter struct {
	// contains filtered or unexported fields
}
Filter evaluates incoming connection addresses against allow and deny lists.
Evaluation order (standard firewall semantics):
- If the IP matches any denied prefix, reject.
- If the allow list is non-empty and the IP matches no allowed prefix, reject.
- Otherwise, accept.
func New
New parses the allow and deny string slices into a Filter. Each entry may be a bare IP address (e.g. "10.0.0.1") or CIDR notation (e.g. "10.0.0.0/24").
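The evaluation order and the bare-IP/CIDR entry parsing described above, sketched as an added example with the standard library's net/netip. It is not this package's code: prefixFilter, parseEntries, matches, check and the reason strings are hypothetical names. It assumes IPv4-mapped IPv6 addresses should be unmapped before matching, because netip.Prefix.Contains never matches such an address against an IPv4 prefix, so a deny entry for 10.0.0.66 would otherwise miss ::ffff:10.0.0.66.

```go
package main

import (
	"fmt"
	"net/netip"
)

type prefixFilter struct{ allow, deny []netip.Prefix } // hypothetical, not the package's Filter

// parseEntries accepts bare IPs ("10.0.0.1") and CIDRs ("10.0.0.0/24").
func parseEntries(entries []string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, e := range entries {
		if a, err := netip.ParseAddr(e); err == nil {
			e = fmt.Sprintf("%s/%d", a.Unmap(), a.Unmap().BitLen()) // bare IP becomes a host prefix
		}
		p, err := netip.ParsePrefix(e)
		if err != nil {
			return nil, fmt.Errorf("invalid entry %q: %w", e, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

func matches(list []netip.Prefix, a netip.Addr) bool {
	for _, p := range list {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// check returns "" when allowed, else a reason (reason strings are made up here).
func (f prefixFilter) check(a netip.Addr) string {
	a = a.Unmap() // assumption: treat ::ffff:10.0.0.66 as 10.0.0.66
	switch {
	case matches(f.deny, a): // 1. deny list wins
		return "denied"
	case len(f.allow) > 0 && !matches(f.allow, a): // 2. non-empty allow list must match
		return "not_in_allow_list"
	}
	return "" // 3. otherwise accept
}

func main() {
	deny, _ := parseEntries([]string{"10.0.0.66"}) // constructed sample list
	fmt.Println(prefixFilter{deny: deny}.check(netip.MustParseAddr("::ffff:10.0.0.66")))
}
```

An empty allow list accepts everything that is not denied, so a deployment that relies on the allow list as its only control should confirm the list actually parsed to at least one prefix.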