pub fn parse_str_to_rules(line: &str) -> Result<Vec<fuchsia_net_filter::Rule>, pest::error::Error<Rule>>
pub fn parse_str_to_nat_rules(line: &str) -> Result<Vec<fuchsia_net_filter::Nat>, pest::error::Error<Rule>>
pub fn parse_str_to_rdr_rules(line: &str) -> Result<Vec<fuchsia_net_filter::Rdr>, pest::error::Error<Rule>>
action direction ["quick"] ["proto" proto] ["from" [["!"]src_subnet] [src_port]] ["to" [["!"]dst_subnet] [dst_port]] [log] [state] ";"
action
“pass”, “drop”, or “dropreset”.
direction
“in” or “out”.
quick (optional)
If present, the rule is selected as soon as it matches. Without it, a rule is selected only if it is the last matching rule in the set of rules.
proto (optional)
“tcp”, “udp”, or “icmp”.
src_subnet, dst_subnet (optional)
IP address and netmask in CIDR notation. If this is omitted, the rule matches any address.
src_port, dst_port (optional)
“port” port-number, or “range” start-port-number":"end-port-number.
If this is omitted, the rule matches any port.
log (optional)
Enable logging. Logging is disabled by default.
state (optional)
“keep state” (default) or “no state”.
“pass in proto tcp from 2607:f8b0:4005:80b::/64 port 10000 to 192.168.42.0/24 port 1000;”
&[ filter::Rule { action: filter::Action::Pass, direction: filter::Direction::Incoming, quick: false, proto: net::SocketProtocol::Tcp, src_subnet: Some(Box::new(net::Subnet{ addr: net::IpAddress::Ipv6(net::Ipv6Address{ addr: [0x26, 0x07, 0xf8, 0xb0, 0x40, 0x05, 0x08, 0x0b, 0, 0, 0, 0, 0, 0, 0, 0] }), prefix_len: 64, })), src_subnet_invert_match: false, src_port: filter::Port { start: 10000, end: 10000 }, dst_subnet: Some(Box::new(net::Subnet{ addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 0] }), prefix_len: 24, })), dst_subnet_invert_match: false, dst_port: filter::Port { start: 1000, end: 1000 }, nic: 0, log: false, keep_state: true, }, ]
“pass in proto tcp from range 10000:10010;”
&[ filter::Rule { action: filter::Action::Pass, direction: filter::Direction::Incoming, quick: false, proto: filter::SocketProtocol::Tcp, src_subnet: None, src_subnet_invert_match: false, src_port: filter::Port { start: 10000, end: 10010 }, dst_subnet: None, dst_subnet_invert_match: false, dst_port: filter::Port { start: 0, end: 0 }, nic: 0, log: false, keep_state: true, } ]
"nat" ["proto" proto] "from" subnet "->" "from" ipaddr ";"
proto (optional)
“tcp”, “udp”, or “icmp”.
subnet
IP address and netmask in CIDR Notation.
ipaddr
IP address.
&[ filter::Nat { proto: filter::SocketProtocol::Any, src_subnet: net::Subnet{ addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 0] }), prefix_len: 24, }, new_src_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [10, 0, 0, 1] }), nic: 0, }, ]
"rdr" ["proto" proto] "to" ipaddr dst_port "->" "to" ipaddr dst_port ";"
proto (optional)
“tcp”, “udp”, or “icmp”.
ipaddr
IP address.
dst_port
“port” port-number, or “range” start-port-number":"end-port-number
“rdr proto tcp to 10.0.0.1 port 10000 -> to 192.168.42.1 port 10000;”
&[ filter::Rdr { proto: net::SocketProtocol::Tcp, dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [10, 0, 0, 1] }), dst_port_range: filter::Port { start: 10000, end: 10000 }, new_dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 1] }), new_dst_port_offset: 10000, nic: 0, }, ]
“rdr proto tcp to 10.0.0.1 range 10000:10005 -> to 192.168.42.1 range 20000:20005;”
&[ filter::Rdr { proto: net::SocketProtocol::Tcp, dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [10, 0, 0, 1] }), dst_port_range: filter::Port { start: 10000, end: 10005 }, new_dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 1] }), new_dst_port_range: filter::Port { start: 20000, end: 20005 }, nic: 0, }, ]