Struct NetworkPolicy 

pub struct NetworkPolicy { /* private fields */ }

Deny-by-default IP/CIDR allowlist for ingest endpoints.

Usage

Build a policy with NetworkPolicy::new, populate it with allow_ip / allow_cidr, then call check with the source address of each incoming connection before passing the payload to IngestService.

use std::net::IpAddr;
use edgesentry_rs::NetworkPolicy;

let mut policy = NetworkPolicy::new();
policy.allow_cidr("10.0.0.0/8").unwrap();

let trusted: IpAddr = "10.1.2.3".parse().unwrap();
assert!(policy.check(trusted).is_ok());

let untrusted: IpAddr = "192.168.1.1".parse().unwrap();
assert!(policy.check(untrusted).is_err());

Implementations

impl NetworkPolicy

pub fn new() -> Self

Create an empty policy (all sources denied until rules are added).

pub fn allow_ip(&mut self, addr: IpAddr) -> &mut Self

Permit a single IP address.

pub fn allow_cidr( &mut self, cidr: &str, ) -> Result<&mut Self, NetworkPolicyError>

Permit all addresses within a CIDR block, e.g. "10.0.0.0/8" or "fd00::/8".

pub fn check(&self, source: IpAddr) -> Result<(), NetworkPolicyError>

Returns Ok(()) if source is covered by at least one allowlist entry, or Err(NetworkPolicyError::Denied) if not.

pub fn entries(&self) -> &[AllowedSource]

Returns the list of configured allowlist entries.

Trait Implementations

impl Clone for NetworkPolicy

fn clone(&self) -> NetworkPolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for NetworkPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for NetworkPolicy

fn default() -> NetworkPolicy

Returns the “default value” for a type.