The firewall provides a ProcessPacket handler, and implements an
address-and-port endpoint dependent firewall that allows all
traffic to egress from the trusted interface, and only allows
inbound traffic if corresponding outbound traffic was previously
seen.
Signed-off-by: David Anderson <danderson@tailscale.com>
Requires a bunch of refactoring so that Networks only ever
refer to Interfaces that have been attached to them, and
Interfaces know about both their Network and Machine.
Signed-off-by: David Anderson <danderson@tailscale.com>
This is a prelude to adding more fields, which would otherwise
become more unnamed function params.
Signed-off-by: David Anderson <danderson@tailscale.com>