authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
commit55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch)
tree33f869f55a1b149e9b7c2b7e201867ca5dd52992 /src/shared/firewall-util-private.h
parentInitial commit. (diff)
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--src/shared/firewall-util-private.h69
1 files changed, 69 insertions, 0 deletions
diff --git a/src/shared/firewall-util-private.h b/src/shared/firewall-util-private.h
new file mode 100644
index 0000000..38c8dfc
--- /dev/null
+++ b/src/shared/firewall-util-private.h
@@ -0,0 +1,69 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#include "sd-netlink.h"
+
+#include "firewall-util.h"
+#include "in-addr-util.h"
+
+typedef enum FirewallBackend {
+ FW_BACKEND_NONE,
+#if HAVE_LIBIPTC
+ FW_BACKEND_IPTABLES,
+#endif
+ FW_BACKEND_NFTABLES,
+ _FW_BACKEND_MAX,
+ _FW_BACKEND_INVALID = -EINVAL,
+} FirewallBackend;
+
+struct FirewallContext {
+ FirewallBackend backend;
+ sd_netlink *nfnl;
+};
+
+const char *firewall_backend_to_string(FirewallBackend b) _const_;
+
+int fw_nftables_init(FirewallContext *ctx);
+int fw_nftables_init_full(FirewallContext *ctx, bool init_tables);
+void fw_nftables_exit(FirewallContext *ctx);
+
+int fw_nftables_add_masquerade(
+ FirewallContext *ctx,
+ bool add,
+ int af,
+ const union in_addr_union *source,
+ unsigned source_prefixlen);
+
+int fw_nftables_add_local_dnat(
+ FirewallContext *ctx,
+ bool add,
+ int af,
+ int protocol,
+ uint16_t local_port,
+ const union in_addr_union *remote,
+ uint16_t remote_port,
+ const union in_addr_union *previous_remote);
+
+#if HAVE_LIBIPTC
+struct xtc_handle;
+
+int fw_iptables_add_masquerade(
+ bool add,
+ int af,
+ const union in_addr_union *source,
+ unsigned source_prefixlen);
+
+int fw_iptables_add_local_dnat(
+ bool add,
+ int af,
+ int protocol,
+ uint16_t local_port,
+ const union in_addr_union *remote,
+ uint16_t remote_port,
+ const union in_addr_union *previous_remote);
+
+int fw_iptables_init_nat(struct xtc_handle **ret);
+#endif
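Review bot: The rule-installing prototypes (`fw_nftables_add_masquerade`, `fw_nftables_add_local_dnat` and the two `fw_iptables_*` counterparts) have no contract comment, so this header does not say which of `source`, `remote` and `previous_remote` may be NULL, or what range `source_prefixlen` must stay within for a given `af`. Because these calls install NAT rules, I would state the contract at the declaration, for example `/* af: AF_INET or AF_INET6; source_prefixlen must not exceed the address width of af; previous_remote may be NULL (confirm against the implementation) */`. Separately, `_FW_BACKEND_INVALID = -EINVAL` depends on `EINVAL` reaching this header through one of the project includes, which is not visible here; adding `#include <errno.h>` next to the other system headers would keep the file self-contained.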