Add session firewall (extra security for controlling traffic flow to/from a given node)

2025-04-28 22:25:07 +03:00 · 2018-10-07 17:13:41 +01:00 · 2018-10-07 17:13:41 +01:00 · 2e2c58bfef
commit 2e2c58bfef
parent 401960e17e
6 changed files with 103 additions and 2 deletions
--- a/src/yggdrasil/core.go
+++ b/src/yggdrasil/core.go
@ -107,6 +107,11 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
 		return err
 	}

+	c.sessions.setSessionFirewallState(nc.SessionFirewall.Enable)
+	c.sessions.setSessionFirewallDefaults(nc.SessionFirewall.AllowFromDirect, nc.SessionFirewall.AllowFromRemote)
+	c.sessions.setSessionFirewallWhitelist(nc.SessionFirewall.WhitelistEncryptionPublicKeys)
+	c.sessions.setSessionFirewallBlacklist(nc.SessionFirewall.BlacklistEncryptionPublicKeys)
+
 	if err := c.router.start(); err != nil {
 		c.log.Println("Failed to start router")
 		return err