pub struct Firewall { /* private fields */ }

Object embedding a collection of firewall rules and policies to determine the action to be taken for a given network packet.

A new Firewall can be created from a text file listing a set of rules.

Implementations

impl Firewall

pub fn new(file_path: &str) -> Result<Self, FirewallError>

Instantiates a new Firewall from a file.

Arguments
  • file_path - The path of a file defining the firewall rules.

Errors

Will return a FirewallError if the rules defined in the file are not properly formatted.

Panics

Will panic if the supplied file_path does not exist or the user does not have permission to read it.

Examples
use nullnet_firewall::Firewall;

let firewall = Firewall::new("./samples/firewall.txt").unwrap();

Sample file content:

OUT REJECT --source 8.8.8.8 --sport 6700:6800,8080
OUT DENY --source 192.168.200.0-192.168.200.255 --sport 6700:6800,8080 --dport 1,2,2000
IN ACCEPT --source 2.1.1.2,2.1.1.3 --dest 2.1.1.1 --proto 1
IN REJECT --source 2.1.1.2 --dest 2.1.1.1 --proto 1 --icmp-type 8
OUT REJECT
IN ACCEPT
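The option values in the file above combine comma-separated lists with `:` port ranges and `-` address ranges. As an added illustration (not code from the nullnet_firewall crate), here is a parser for those two value syntaxes; the semantics (comma separates alternatives, both range forms are inclusive) are assumed from the sample file, not taken from the crate's source.

```rust
use std::net::Ipv4Addr;

// Assumed (inferred from the sample file, not taken from the crate's source):
// ',' separates alternatives, 'a:b' is an inclusive port range, 'x-y' an inclusive IPv4 range.
#[derive(Debug, PartialEq)]
pub struct PortSpec(Vec<(u16, u16)>);

impl PortSpec {
    /// Parses e.g. "6700:6800,8080" into [(6700, 6800), (8080, 8080)].
    pub fn parse(spec: &str) -> Result<Self, String> {
        let mut ranges = Vec::new();
        for item in spec.split(',') {
            let (lo, hi) = item.split_once(':').unwrap_or((item, item));
            let lo: u16 = lo.trim().parse().map_err(|_| format!("bad port: {lo}"))?;
            let hi: u16 = hi.trim().parse().map_err(|_| format!("bad port: {hi}"))?;
            if lo > hi { return Err(format!("inverted range: {item}")); }
            ranges.push((lo, hi));
        }
        Ok(PortSpec(ranges))
    }
    /// True if `port` falls inside any listed range.
    pub fn contains(&self, port: u16) -> bool {
        self.0.iter().any(|&(lo, hi)| (lo..=hi).contains(&port))
    }
}

#[derive(Debug, PartialEq)]
pub struct AddrSpec(Vec<(Ipv4Addr, Ipv4Addr)>);

impl AddrSpec {
    /// Parses e.g. "192.168.200.0-192.168.200.255,8.8.8.8".
    pub fn parse(spec: &str) -> Result<Self, String> {
        let mut ranges = Vec::new();
        for item in spec.split(',') {
            let (lo, hi) = item.split_once('-').unwrap_or((item, item));
            let lo: Ipv4Addr = lo.trim().parse().map_err(|_| format!("bad address: {lo}"))?;
            let hi: Ipv4Addr = hi.trim().parse().map_err(|_| format!("bad address: {hi}"))?;
            if lo > hi { return Err(format!("inverted range: {item}")); }
            ranges.push((lo, hi));
        }
        Ok(AddrSpec(ranges))
    }
    /// True if `addr` falls inside any listed range (Ipv4Addr orders numerically).
    pub fn contains(&self, addr: Ipv4Addr) -> bool {
        self.0.iter().any(|&(lo, hi)| lo <= addr && addr <= hi)
    }
}
```

An inverted range or an out-of-range port is rejected at parse time, which is the moment a rule file should fail rather than silently matching nothing.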

pub fn resolve_packet(&self, packet: &[u8], direction: &FirewallDirection) -> FirewallAction

Returns the action to be taken for a supplied network packet, according to rules defined for the Firewall.

Arguments
  • packet - Raw network packet bytes, including headers and payload.

  • direction - The network packet direction (incoming or outgoing).

Examples
use nullnet_firewall::{Firewall, FirewallDirection, FirewallAction};

let firewall = Firewall::new("./samples/firewall.txt").unwrap();

// here we assume we have a packet to match against the firewall
let packet = [/* ... */];

// determine the action for the packet, assuming it is incoming
let action = firewall.resolve_packet(&packet, &FirewallDirection::IN);

// act accordingly
match action {
    FirewallAction::ACCEPT => {/* ... */}
    FirewallAction::DENY => {/* ... */}
    FirewallAction::REJECT => {/* ... */}
}
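To make concrete what resolve_packet receives, here is an added example (not code from the nullnet_firewall crate) that constructs an ICMP echo request matching the sample file's fourth rule and pulls out the header fields the rule options --source, --dest, --proto, --icmp-type, --sport and --dport refer to. It assumes the slice starts at the IPv4 header (no link-layer header), as for packets read from a TUN device; the page does not state this.

```rust
use std::net::Ipv4Addr;

/// Header fields a rule line can constrain; ports exist only for TCP/UDP.
#[derive(Debug, PartialEq)]
pub struct PacketFields {
    pub source: Ipv4Addr,
    pub dest: Ipv4Addr,
    pub proto: u8,
    pub icmp_type: Option<u8>,
    pub sport: Option<u16>,
    pub dport: Option<u16>,
}

/// Reads the fields from a raw IPv4 packet. Assumption: the slice starts at
/// the IPv4 header (no link-layer header), as for packets read from a TUN
/// device. Returns None for truncated or non-IPv4 input.
pub fn extract_fields(packet: &[u8]) -> Option<PacketFields> {
    if packet.len() < 20 || packet[0] >> 4 != 4 { return None; }
    let ihl = usize::from(packet[0] & 0x0f) * 4; // IHL is in 32-bit words
    if ihl < 20 || packet.len() < ihl { return None; }
    let proto = packet[9];
    let l4 = &packet[ihl..];
    let (mut icmp_type, mut sport, mut dport) = (None, None, None);
    match proto {
        1 if !l4.is_empty() => icmp_type = Some(l4[0]), // ICMP: --icmp-type
        6 | 17 if l4.len() >= 4 => {                   // TCP/UDP: --sport / --dport
            sport = Some(u16::from_be_bytes([l4[0], l4[1]]));
            dport = Some(u16::from_be_bytes([l4[2], l4[3]]));
        }
        _ => {}
    }
    Some(PacketFields {
        source: Ipv4Addr::new(packet[12], packet[13], packet[14], packet[15]), // --source
        dest: Ipv4Addr::new(packet[16], packet[17], packet[18], packet[19]),   // --dest
        proto, icmp_type, sport, dport,                                        // --proto
    })
}

/// Constructed sample packet: an ICMP echo request (type 8) from 2.1.1.2 to
/// 2.1.1.1, the traffic the sample rule "IN REJECT --source 2.1.1.2 --dest
/// 2.1.1.1 --proto 1 --icmp-type 8" is written to match. Checksums are zero.
pub fn sample_echo_request() -> Vec<u8> {
    let mut p = vec![0x45, 0, 0x00, 0x1c, 0, 1, 0, 0, 64, 1, 0, 0, // ver/IHL .. checksum
                     2, 1, 1, 2, 2, 1, 1, 1];                     // src 2.1.1.2, dst 2.1.1.1
    p.extend_from_slice(&[8, 0, 0, 0, 0, 0, 0, 0]);               // ICMP type 8, code 0
    p
}
```

A packet shorter than its own IHL, or one with version 6, yields None rather than a panic on an out-of-bounds index, which is the failure mode to guard against when the bytes come straight off the wire.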

pub fn disable(&mut self)

Disables an existing Firewall.

This makes every network packet be accepted, regardless of the rules defined for the firewall.

Examples
use nullnet_firewall::{Firewall, FirewallAction, FirewallDirection};

let mut firewall = Firewall::new("./samples/firewall.txt").unwrap();

// here we assume we have a packet to match against the firewall
let packet = [/* ... */];

// disable the firewall
firewall.disable();

// a disabled firewall will accept everything
assert_eq!(
    firewall.resolve_packet(&packet, &FirewallDirection::IN),
    FirewallAction::ACCEPT
);

pub fn enable(&mut self)

Enables an existing Firewall.

When a new firewall is created, it’s enabled by default.

When the firewall is enabled, the actions to take for network packets are determined according to the specified rules.

Examples
use nullnet_firewall::Firewall;

// a new firewall is enabled by default
let mut firewall = Firewall::new("./samples/firewall.txt").unwrap();

// disable the firewall
firewall.disable();

/* ... */

// enable the firewall again
firewall.enable();

pub fn set_policy_in(&mut self, policy: FirewallAction)

Sets the input policy for an existing Firewall.

Arguments
  • policy - The policy to use for incoming packets that don’t match any of the specified rules.

Examples
use nullnet_firewall::{Firewall, FirewallAction};

let mut firewall = Firewall::new("./samples/firewall.txt").unwrap();

// set the firewall input policy
firewall.set_policy_in(FirewallAction::DENY);

pub fn set_policy_out(&mut self, policy: FirewallAction)

Sets the output policy for an existing Firewall.

Arguments
  • policy - The policy to use for outgoing packets that don’t match any of the specified rules.

Examples
use nullnet_firewall::{Firewall, FirewallAction};

let mut firewall = Firewall::new("./samples/firewall.txt").unwrap();

// set the firewall output policy
firewall.set_policy_out(FirewallAction::ACCEPT);

Trait Implementations

impl Debug for Firewall

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Firewall

fn default() -> Firewall

Returns the “default value” for a type.

impl PartialEq for Firewall

fn eq(&self, other: &Firewall) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Firewall

impl StructuralEq for Firewall

impl StructuralPartialEq for Firewall
