Documentation
Constants
const EnvForceUserspaceFirewall = "NB_FORCE_USERSPACE_FIREWALL"
EnvForceUserspaceFirewall forces the use of the userspace packet filter even when native iptables/nftables is available. This only applies when the WireGuard interface runs in userspace mode. When set, peer ACLs are handled by USPFilter instead of kernel netfilter rules.
const SKIP_NFTABLES_ENV = "NB_SKIP_NFTABLES_CHECK"
SKIP_NFTABLES_ENV is the environment variable used to skip the nftables check.
Variables
This section is empty.
Functions
func NewFirewall (added in v0.24.4)
func NewFirewall(iface IFaceMapper, stateManager *statemanager.Manager, flowLogger nftypes.FlowLogger, disableServerRoutes bool, mtu uint16) (firewall.Manager, error)
Types
type IFaceMapper (added in v0.24.4)
type IFaceMapper interface {
	Name() string
	Address() wgaddr.Address
	IsUserspaceBind() bool
	SetFilter(device.PacketFilter) error
	GetDevice() *device.FilteredDevice
	GetWGDevice() *wgdevice.Device
}
IFaceMapper defines the subset of interface methods required by the manager.