pub parse_str_to_rules(line: &str) -> Result<Vec<fuchsia_net_filter::Rule>, pest::error::Error<Rule>>
pub parse_str_to_nat_rules(line: &str) -> Result<Vec<fuchsia_net_filter::Nat>, pest::error::Error<Rule>>
pub parse_str_to_rdr_rules(line: &str) -> Result<Vec<fuchsia_net_filter::Rdr>, pest::error::Error<Rule>>
action direction ["quick"] ["proto" proto] ["from" [["!"]src_subnet] [src_port]] ["to" [["!"]dst_subnet] [dst_port]] [log] [state] ";"
action
“pass”, “drop”, or “dropreset”.
direction
“in” or “out”.
quick (optional)
The rule is selected immediately. Usually a rule is selected only if that is the last matched rule in the set of rules.
proto (optional)
“tcp”, “udp”, or “icmp”.
src_subnet, dst_subnet (optional)
IP address and netmask in CIDR Notation. If this is ommitted, any address can match.
src_port, dst_port (optional)
“port” port-number, or “range” start-port-number":"end-port-number.
If this is ommited, any port can match.
log (optional)
Enable logging. Logging is disabled by default.
state (optional)
“keep state” (default) or “no state”.
“pass in proto tcp from 2607:f8b0:4005:80b::/64 port 10000 to 192.168.42.0/24 port 1000;”
&[
filter::Rule {
action: filter::Action::Pass,
direction: filter::Direction::Incoming,
quick: false,
proto: net::SocketProtocol::Tcp,
src_subnet: Some(Box::new(net::Subnet{
addr: net::IpAddress::Ipv6(net::Ipv6Address{
addr: [0x26, 0x07, 0xf8, 0xb0, 0x40, 0x05, 0x08, 0x0b, 0, 0, 0, 0, 0, 0, 0, 0]
}),
prefix_len: 64,
})),
src_subnet_invert_match: false,
src_port: filter::Port { start: 10000, end: 10000 },
dst_subnet: Some(Box::new(net::Subnet{
addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 0] }),
prefix_len: 24,
})),
dst_subnet_invert_match: false,
dst_port: filter::Port { start: 1000, end: 1000 },
nic: 0,
log: false,
keep_state: true,
},
]
“pass in proto tcp from range 10000:10010;”
&[
filter::Rule {
action: filter::Action::Pass,
direction: filter::Direction::Incoming,
quick: false,
proto: filter::SocketProtocol::Tcp,
src_subnet: None,
src_subnet_invert_match: false,
src_port: filter::Port { start: 10000, end: 10010 },
dst_subnet: None,
dst_subnet_invert_match: false,
dst_port: filter::Port { start: 0, end: 0 },
nic: 0,
log: false,
keep_state: true,
}
]
"nat" ["proto" proto] "from" subnet "->" "from" ipaddr ";"
proto (optional)
“tcp”, “udp”, or “icmp”.
subnet
IP address and netmask in CIDR Notation.
ipaddr
IP address.
&[
filter::Nat {
proto: filter::SocketProtocol::Any,
src_subnet: net::Subnet{
addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 0] }),
prefix_len: 24,
},
new_src_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [10, 0, 0, 1] }),
nic: 0,
},
]
"rdr" ["proto" proto] "to" ipaddr dst_port "->" "to" ipaddr dst_port ";"
proto (optional)
“tcp”, “udp”, or “icmp”.
ipaddr
IP address.
dst_port
“port” port-number, or “range” start-port-number":"end-port-number
“rdr proto tcp to 10.0.0.1 port 10000 -> to 192.168.42.1 port 10000;”
&[
filter::Rdr {
proto: net::SocketProtocol::Tcp,
dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [10, 0, 0, 1] }),
dst_port_range: filter::Port { start: 10000, end: 10000 },
new_dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 1] }),
new_dst_port_offset: 10000,
nic: 0,
},
]
“rdr proto tcp to 10.0.0.1 range 10000:10005 -> to 192.168.42.1 range 20000:20005;”
&[
filter::Rdr {
proto: net::SocketProtocol::Tcp,
dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [10, 0, 0, 1] }),
dst_port_range: filter::Port { start: 10000, end: 10005 },
new_dst_addr: net::IpAddress::Ipv4(net::Ipv4Address{ addr: [192, 168, 42, 1] }),
new_dst_port_range: filter::Port { start: 20000, end: 20005 },
nic: 0,
},
]