tstest/natlab: add a stateful firewall.

The firewall provides a ProcessPacket handler, and implements an
address-and-port endpoint dependent firewall that allows all
traffic to egress from the trusted interface, and only allows
inbound traffic if corresponding outbound traffic was previously
seen.

Signed-off-by: David Anderson <danderson@tailscale.com>
David Anderson
2020-07-11 05:16:36 +00:00
parent 0ed9f62ed0
commit 5eedbcedd1
4 changed files with 152 additions and 5 deletions


@@ -166,6 +166,14 @@ type Interface struct {
ips []netaddr.IP // static; not mutated once created
}
func (f *Interface) Machine() *Machine {
return f.machine
}
func (f *Interface) Network() *Network {
return f.net
}
// V4 returns the machine's first IPv4 address, or the zero value if none.
func (f *Interface) V4() netaddr.IP { return f.pickIP(netaddr.IP.Is4) }
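Review bot: The exported accessors `Machine()` and `Network()`, which the hunk counts suggest are the added lines, have no doc comments, while `V4` directly below them does. I would add `// Machine returns the Machine this interface belongs to.` and `// Network returns the Network this interface is attached to.` above them. Both return the internal pointers `f.machine` and `f.net` as they are, so the comments should also say whether callers may mutate what they get back. If `f.net` can be nil for an interface that is not attached (the `Interface` struct starts outside this hunk, so that is not visible here), the `Network` comment should say so, since packet-handling code would otherwise dereference the result unchecked.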