The types in this module make up the structure of the configuration-file(s).
Example
The following is an exemplary TOML configuration, which will be parsed into this module's types.
[global_defaults]
external_network_interfaces = "eth0"
[backend_defaults]
custom_tables = { name = "filter", chains = ["input", "forward"]}
[backend_defaults.initialization]
rules = [
"add table inet custom",
]
[container_to_container]
default_policy = "drop"
[[container_to_container.rules]]
network = "common_network"
src_container = "container_a"
dst_container = "container_b"
verdict = "accept"
[container_to_wider_world]
default_policy = "accept"
[[container_to_wider_world.rules]]
network = "other_network"
src_container = "container_c"
verdict = "drop"
[wider_world_to_container]
[[wider_world_to_container.rules]]
network = "common_network"
dst_container = "container_a"
expose_port = [80, 443]
[container_dnat]
[[container_dnat.rules]]
src_network = "common_network"
src_container = "container_a"
dst_network = "other_network"
dst_container = "container_c"
expose_port = { host_port = 8080, container_port = 80, family = "tcp" }
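A TOML `[[section.rules]]` header is an absolute path, so a rule block is appended to the section it names, not to the `[section]` header written above it. The following added example (not part of DFW or its documentation) is a std-only Rust lint that flags rule headers filed under a different section; `find_misfiled_rules`, `Misfiled`, `section_of` and the sample input are hypothetical names and constructed data.

```rust
// Constructed sample: the second rule block is meant for container_to_wider_world,
// but its header names container_to_container.
const SAMPLE: &str = r#"
[container_to_container]
default_policy = "drop"
[[container_to_container.rules]]
network = "common_network"
verdict = "accept"
[container_to_wider_world]
default_policy = "accept"
[[container_to_container.rules]]
network = "other_network"
src_container = "container_c"
verdict = "drop"
"#;

/// A `[[section.rules]]` header found under a different `[section]` header.
#[derive(Debug, PartialEq)]
struct Misfiled { line: usize, enclosing: String, target: String }

/// First path component of a header, e.g. "a.rules" -> "a".
fn section_of(path: &str) -> String {
    path.trim().split('.').next().unwrap_or("").to_string()
}

/// Heuristic header-only scan; values and trailing comments are not parsed.
fn find_misfiled_rules(toml: &str) -> Vec<Misfiled> {
    let mut enclosing: Option<String> = None;
    let mut findings = Vec::new();
    for (idx, raw) in toml.lines().enumerate() {
        let line = raw.trim();
        if let Some(path) = line.strip_prefix("[[").and_then(|r| r.strip_suffix("]]")) {
            let target = section_of(path);
            match &enclosing {
                Some(e) if *e != target => findings.push(Misfiled { line: idx + 1, enclosing: e.clone(), target }),
                _ => {}
            }
        } else if let Some(path) = line.strip_prefix('[').and_then(|r| r.strip_suffix(']')) {
            enclosing = Some(section_of(path));
        }
    }
    findings
}

fn main() {
    for f in find_misfiled_rules(SAMPLE) {
        println!("line {}: rule under [{}] is added to {}", f.line, f.enclosing, f.target);
    }
}
```

Run against a real configuration before loading it: a drop rule that lands in another section leaves the intended traffic governed only by that section's `default_policy`.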
Structs
- The container-DNAT section, defining how containers can communicate with each other over non-common networks.
- Definition for a rule to be used in the container-DNAT section.
- The container-to-container section, defining how containers can communicate amongst each other.
- Definition for a rule to be used in the container-to-container section.
- The container-to-host section, defining how containers can communicate with the host.
- Definition for a rule to be used in the container-to-host section.
- The container-to-wider-world section, defining how containers can communicate with the wider world.
- Definition for a rule to be used in the container-to-wider-world section.
- DFW is the parent type defining the complete configuration used by DFW to build up the firewall rules.
- Struct to hold a port definition to expose on the host/between containers.
- Builder for ExposePort.
- The default configuration section, used by DFW for rule processing.
- The wider-world-to-container section, defining how containers can be reached from the wider world.
- Definition for a rule to be used in the wider-world-to-container section.
Enums
- Representation of chain policies.
- Error type for ExposePortBuilder
- Representation of rule policies.