Affected by GO-2025-3781
and 20 other vulnerabilities
GO-2025-3781: Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks in github.com/lxc/incus
GO-2025-3782: Incus creates nftables rules that partially bypass security options in github.com/lxc/incus
GO-2025-4115: Incus vulnerable to local privilege escalation through custom storage volumes in github.com/lxc/incus
GO-2026-4357: Incus container image templating arbitrary host file read and write in github.com/lxc/incus
GO-2026-4359: Incus container environment configuration newline injection in github.com/lxc/incus
GO-2026-4879: Local Incus UI web server vulnerable to nuthentication bypass in github.com/lxc/incus
GO-2026-4881: Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus
GO-2026-4882: Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
GO-2026-4884: Incus has an abitrary file write through its systemd-creds options in github.com/lxc/incus
GO-2026-4885: Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
GO-2026-4886: Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
GO-2026-5127: Incus Vulnerable to Panic via Snapshot Bounds Check in github.com/lxc/incus
GO-2026-5168: Incus has Unbounded YAML Metadata Decode via Parsing in github.com/lxc/incus
GO-2026-5252: Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted) in github.com/lxc/incus
GO-2026-5254: Incus has Blind SSRF via Image Import Preflight HEAD in github.com/lxc/incus
GO-2026-5280: Incus is affected by unbounded binary import disk exhaustion in github.com/lxc/incus
GO-2026-5319: Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots in github.com/lxc/incus
GO-2026-5384: Incus has Nil-Pointer Dereference via S3 Bucket Import in github.com/lxc/incus
GO-2026-5397: Incus has a Nil-Pointer Dereference Panic via Bucket Metadata in github.com/lxc/incus
GO-2026-5612: Incus has a Nil-Pointer Dereference via Custom Volume Import in github.com/lxc/incus
GO-2026-5742: Incus has Nil Dereferences on Restore via Malformed YAML in github.com/lxc/incus

The highest tagged major version is
v7.
package
Version:
v0.7.0
Opens a new window with list of versions in this module.
Published: Mar 26, 2024
License: Apache-2.0
Opens a new window with license information.
Imports: 3
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
type Firewall interface {
String() string
Compat() (bool, error)
NetworkSetup(networkName string, opts drivers.Opts) error
NetworkClear(networkName string, delete bool, ipVersions []uint) error
NetworkApplyACLRules(networkName string, rules []drivers.ACLRule) error
NetworkApplyForwards(networkName string, rules []drivers.AddressForward) error
InstanceSetupBridgeFilter(projectName string, instanceName string, deviceName string, parentName string, hostName string, hwAddr string, IPv4Nets []*net.IPNet, IPv6Nets []*net.IPNet, parentManaged bool) error
InstanceClearBridgeFilter(projectName string, instanceName string, deviceName string, parentName string, hostName string, hwAddr string, IPv4Nets []*net.IPNet, IPv6Nets []*net.IPNet) error
InstanceSetupProxyNAT(projectName string, instanceName string, deviceName string, forward *drivers.AddressForward) error
InstanceClearProxyNAT(projectName string, instanceName string, deviceName string) error
InstanceSetupRPFilter(projectName string, instanceName string, deviceName string, hostName string) error
InstanceClearRPFilter(projectName string, instanceName string, deviceName string) error
InstanceSetupNetPrio(projectName string, instanceName string, deviceName string, netPrio uint32) error
InstanceClearNetPrio(projectName string, instanceName string, deviceName string) error
}
Firewall represents an Incus firewall.
New returns an appropriate firewall implementation.
Uses xtables if nftables isn't compatible or isn't in use already, otherwise uses nftables.
Source Files
¶
Directories
¶
Click to show internal directories.
Click to hide internal directories.