firezone/rust/connlib
Thomas Eizinger ea9796e346 feat(gateway): apply filter engine to inbound packets (#7702)
The Gateway keeps some state for each client connection. Part of this
state are filters which can be controlled via the Firezone portal. Even
if no filters are set in the portal, the Gateway uses this data
structure to ensure only packets to allowed resources are forwarded. If
a resource is not allowed, its IP won't exist in the `IpNetworkTable` of
filters and thus won't be allowed.

When a Client disconnects, the Gateway cleans up this data structure and
thus all filters etc. are gone. As soon as a Client reconnects, default
filters are installed (which don't allow anything) under the same IP
(the portal always assigns the same IP to Clients).

These filters are only applied on _outbound_ traffic (i.e. from the
Client towards Resources). As a result, packets arriving from Resources
to a Client will still be routed back, causing "Source not allowed"
errors on the client (which has lost all of its state when restarting).

To fix this, we apply the Gateway's filters also on the reverse path of
packets from Resources to Clients.

Resolves: #5568
Resolves: #7521
Resolves: #6091
2025-02-21 05:59:36 +00:00
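The reconnect scenario the commit message describes, as an added illustration in Rust that is not connlib's own code: a minimal Gateway model with a per-client allow-list standing in for the `IpNetworkTable`, an `outbound` check (the behaviour that already existed) and an `inbound` check on the reverse path (what this commit adds). The `Gateway`, `ClientFilters` and `Ipv4Network` types, the `filter_inbound` switch and the sample client and resource addresses are all constructed for this example.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// A CIDR network (IPv4 only, to keep the illustration small).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Ipv4Network {
    addr: Ipv4Addr,
    prefix: u8,
}

impl Ipv4Network {
    pub fn new(addr: Ipv4Addr, prefix: u8) -> Self {
        Self { addr, prefix }
    }

    /// True if `ip` falls inside this network.
    pub fn contains(&self, ip: Ipv4Addr) -> bool {
        // Shifting a u32 by 32 would panic, so a /0 mask is handled explicitly.
        let mask = if self.prefix == 0 { 0 } else { u32::MAX << (32 - self.prefix) };
        (u32::from(self.addr) & mask) == (u32::from(ip) & mask)
    }
}

/// Per-client state: the resource networks this client may reach.
/// Stand-in for the `IpNetworkTable` of filters; a fresh value allows nothing.
#[derive(Default)]
pub struct ClientFilters {
    allowed: Vec<Ipv4Network>,
}

impl ClientFilters {
    pub fn allows(&self, resource: Ipv4Addr) -> bool {
        self.allowed.iter().any(|net| net.contains(resource))
    }
}

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Forward,
    Drop,
}

/// Hypothetical Gateway: per-client filter state keyed by the client's IP.
pub struct Gateway {
    clients: HashMap<Ipv4Addr, ClientFilters>,
    /// Whether resource -> client packets are checked against the filters too.
    filter_inbound: bool,
}

impl Gateway {
    pub fn new(filter_inbound: bool) -> Self {
        Self { clients: HashMap::new(), filter_inbound }
    }

    /// A connecting client gets default filters, which allow nothing.
    pub fn client_connected(&mut self, client: Ipv4Addr) {
        self.clients.insert(client, ClientFilters::default());
    }

    /// The portal grants the client access to a resource network.
    pub fn allow_resource(&mut self, client: Ipv4Addr, net: Ipv4Network) {
        if let Some(filters) = self.clients.get_mut(&client) {
            filters.allowed.push(net);
        }
    }

    /// A disconnecting client loses all of its state, filters included.
    pub fn client_disconnected(&mut self, client: Ipv4Addr) {
        self.clients.remove(&client);
    }

    /// Client -> resource: forwarded only if the client's filters allow the destination.
    pub fn outbound(&self, src_client: Ipv4Addr, dst_resource: Ipv4Addr) -> Verdict {
        match self.clients.get(&src_client) {
            Some(filters) if filters.allows(dst_resource) => Verdict::Forward,
            _ => Verdict::Drop,
        }
    }

    /// Resource -> client: with `filter_inbound` off the packet is always routed back
    /// (the pre-fix behaviour); with it on, the same filters gate the reverse path.
    pub fn inbound(&self, src_resource: Ipv4Addr, dst_client: Ipv4Addr) -> Verdict {
        if !self.filter_inbound {
            return Verdict::Forward;
        }
        match self.clients.get(&dst_client) {
            Some(filters) if filters.allows(src_resource) => Verdict::Forward,
            _ => Verdict::Drop,
        }
    }
}

/// Replays the reconnect scenario and returns the verdict for a late reply
/// from the resource that arrives after the client has reconnected.
pub fn reconnect_scenario(filter_inbound: bool) -> Verdict {
    let client = Ipv4Addr::new(100, 64, 0, 2); // constructed sample client IP
    let resource = Ipv4Addr::new(10, 0, 0, 10); // constructed sample resource IP
    let mut gw = Gateway::new(filter_inbound);
    gw.client_connected(client);
    gw.allow_resource(client, Ipv4Network::new(Ipv4Addr::new(10, 0, 0, 0), 24));
    assert_eq!(gw.outbound(client, resource), Verdict::Forward);
    // Client restarts: the Gateway drops its state, then reinstalls default filters
    // under the same IP when the client reconnects.
    gw.client_disconnected(client);
    gw.client_connected(client);
    gw.inbound(resource, client)
}

fn main() {
    println!("before fix: {:?}", reconnect_scenario(false));
    println!("after fix:  {:?}", reconnect_scenario(true));
}
```

Without inbound filtering the late reply is forwarded to a client that no longer knows the resource, which is where the "Source not allowed" error comes from; with the reverse-path check the Gateway drops it instead, because the client's freshly installed default filters contain no entry for the resource's IP.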

Connlib

Firezone's connectivity library shared by all clients.

Building Connlib

You shouldn't need to build connlib directly; it's typically built as a dependency of one of the other Firezone components. See READMEs in those directories for relevant instructions.