Module host_firewall

Host firewall helpers for FIPS mesh TUN interfaces.

This module intentionally owns only narrowly scoped rules for one mesh interface. The policy is default-deny for FIPS-addressed inbound traffic and outbound traffic, with stateful outbound TCP allowed and optional inbound TCP service ports.

Structs

HostFirewallConfig
Platform firewall configuration for a FIPS host-facing TUN interface.
HostFirewallGuard
RAII guard for installed host firewall rules.

Enums

HostFirewallError
Errors returned while installing platform firewall rules.

Constants

FIPS_MESH_IPV6_PREFIX
The IPv6 prefix used by FIPS mesh addresses.

Functions

render_nft_host_firewall_rules