Module dfw::types

source ·
Expand description

The types in this module make up the structure of the configuration-file(s).

Example

The following is an examplary TOML configuration, which will be parsed into this modules types.

[global_defaults]
external_network_interfaces = "eth0"

[backend_defaults]
custom_tables = { name = "filter", chains = ["input", "forward"]}

[backend_defaults.initialization]
rules = [
    "add table inet custom",
]

[container_to_container]
default_policy = "drop"

[[container_to_container.rules]]
network = "common_network"
src_container = "container_a"
dst_container = "container_b"
verdict = "accept"

[container_to_wider_world]
default_policy = "accept"

[[container_to_container.rules]]
network = "other_network"
src_container = "container_c"
verdict = "drop"

[wider_world_to_container]

[[wider_world_to_container.rules]]
network = "common_network"
dst_container = "container_a"
expose_port = [80, 443]

[container_dnat]

[[container_dnat.rules]]
src_network = "common_network"
src_container = "container_a"
dst_network = "other_network"
dst_container = "container_c"
expose_port = { host_port = 8080, container_port = 80, family = "tcp" }

Structs

  • ContainerDNAT
    The container-DNAT section, defining how containers can communicate with each other over non-common networks.
  • ContainerDNATRule
    Definition for a rule to be used in the container-DNAT section.
  • ContainerToContainer
    The container-to-container section, defining how containers can communicate amongst each other.
  • ContainerToContainerRule
    Definition for a rule to be used in the container-to-container section.
  • ContainerToHost
    The container-to-host section, defining how containers can communicate with the host.
  • ContainerToHostRule
    Definition for a rule to be used in the container-to-host section.
  • ContainerToWiderWorld
    The container-to-wider-world section, defining how containers can communicate with the wider world.
  • ContainerToWiderWorldRule
    Definition for a rule to be used in the container-to-wider-world section.
  • DFW
    DFW is the parent type defining the complete configuration used by DFW to build up the firewall rules.
  • ExposePort
    Struct to hold a port definition to expose on the host/between containers.
  • ExposePortBuilder
    Builder for ExposePort.
  • GlobalDefaults
    The default configuration section, used by DFW for rule processing.
  • WiderWorldToContainer
    The wider-world-to-container section, defining how containers can reached from the wider world.
  • WiderWorldToContainerRule
    Definition for a rule to be used in the wider-world-to-container section.

Enums