Firewall rule matching and evaluation
Provides rule definitions with match criteria (source/dest IP with CIDR, port ranges, protocol, TCP flags, connection state) and actions (Accept, Drop, Reject, Log, Jump, Masquerade, SNAT, DNAT). CIDR matching uses bitmask comparison for efficient subnet checks.
Structs
- CidrAddress - IPv4 address with CIDR prefix length for subnet matching
- FirewallRule - A single firewall rule with match criteria, action, and counters
- MatchCriteria - Criteria for matching packets against a firewall rule
- PacketMetadata - Extracted packet metadata used for rule evaluation
- PortRange - A range of ports for matching (inclusive on both ends)
- RuleEngine - Manages all firewall rules and provides lookup by ID
- TcpFlags - TCP flag bitmask for matching
Enums
- Protocol - IP protocol for rule matching
- RuleAction - Action to take when a rule matches