src/shared/firewall-util-private.h

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2 #pragma once
   3
   4 #include <stdbool.h>
   5 #include <stdint.h>
   6
   7 #include "sd-netlink.h"
   8
   9 #include "in-addr-util.h"
  10
  11 typedef enum FirewallBackend {
  12         FW_BACKEND_NONE,
  13 #if HAVE_LIBIPTC
  14         FW_BACKEND_IPTABLES,
  15 #endif
  16         FW_BACKEND_NFTABLES,
  17         _FW_BACKEND_MAX,
  18         _FW_BACKEND_INVALID = -EINVAL,
  19 } FirewallBackend;
  20
  21 struct FirewallContext {
  22         FirewallBackend backend;
  23         sd_netlink *nfnl;
  24 };
  25
  26 const char *firewall_backend_to_string(FirewallBackend b) _const_;
  27
  28 int fw_nftables_init(FirewallContext *ctx);
  29 void fw_nftables_exit(FirewallContext *ctx);
  30
  31 int fw_nftables_add_masquerade(
  32                 FirewallContext *ctx,
  33                 bool add,
  34                 int af,
  35                 const union in_addr_union *source,
  36                 unsigned source_prefixlen);
  37
  38 int fw_nftables_add_local_dnat(
  39                 FirewallContext *ctx,
  40                 bool add,
  41                 int af,
  42                 int protocol,
  43                 uint16_t local_port,
  44                 const union in_addr_union *remote,
  45                 uint16_t remote_port,
  46                 const union in_addr_union *previous_remote);
  47
  48 #if HAVE_LIBIPTC
  49
  50 int fw_iptables_add_masquerade(
  51                 bool add,
  52                 int af,
  53                 const union in_addr_union *source,
  54                 unsigned source_prefixlen);
  55
  56 int fw_iptables_add_local_dnat(
  57                 bool add,
  58                 int af,
  59                 int protocol,
  60                 uint16_t local_port,
  61                 const union in_addr_union *remote,
  62                 uint16_t remote_port,
  63                 const union in_addr_union *previous_remote);
  64 #endif