Add firewall, service, system and vpn definitions

This commit is contained in:
Samuel Lorch 2023-10-20 23:35:51 +02:00
parent e67c7679a2
commit 7c2210e26c
7 changed files with 196 additions and 1 deletions

Cargo.lock generated

@ -68,6 +68,15 @@ version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "macaddr"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baee0bbc17ce759db233beb01648088061bf678383130602a298e6998eedb2d8"
dependencies = [
"serde",
]
[[package]]
name = "matches"
version = "0.1.10"
@ -85,6 +94,7 @@ name = "nfsense"
version = "0.1.0"
dependencies = [
"ipnet",
"macaddr",
"serde",
"serde_json",
"validator",


@ -7,6 +7,7 @@ edition = "2021"
[dependencies]
ipnet = { version = "2.8.0", features = ["serde"] }
macaddr = { version = "1.0.1", features = ["serde"] }
serde = { version = "1.0.189", features = ["derive"] }
serde_json = "1.0.107"
validator = { version = "0.15", features = ["derive"] }
validator = { version = "0.15", features = ["derive"] }


@ -1,5 +1,9 @@
pub mod firewall;
pub mod network;
pub mod object;
pub mod service;
pub mod system;
pub mod vpn;
use serde::{Deserialize, Serialize};
use validator::Validate;
@ -9,4 +13,8 @@ pub struct Config {
pub config_version: u64,
pub network: network::Network,
pub object: object::Object,
pub system: system::System,
pub service: service::Service,
pub vpn: vpn::VPN,
pub firewall: firewall::Firewall,
}
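Review bot: The four fields added to Config (system, service, vpn, firewall) will not be checked by Config::validate() unless each one carries a `#[validate]` attribute, because the validator derive only descends into fields marked that way; Config's derive line sits above the hunk, so this assumes it derives Validate as its `use validator::Validate` suggests. The same gap exists in firewall.rs, service.rs and vpn.rs, where Firewall, Service and Wireguard hold collections of Validate-deriving structs with no `#[validate]` on the container field. A minimal fix is one attribute per nested field, e.g. `#[validate] pub system: system::System,`. The `pub struct Config` definition starts outside the hunk.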


@ -0,0 +1,61 @@
use serde::{Deserialize, Serialize};
use validator::Validate;
#[derive(Serialize, Deserialize, Validate, Default, Debug)]
pub struct Firewall {
forward_rules: Vec<ForwardRule>,
destination_nat_rules: Vec<DestinationNATRule>,
source_nat_rules: Vec<SourceNATRule>,
}
#[derive(Serialize, Deserialize, Validate, Debug)]
pub struct ForwardRule {
pub name: String,
pub services: Vec<String>,
pub source_addresses: Vec<String>,
pub destination_addresses: Vec<String>,
pub comment: String,
pub counter: bool,
pub verdict: Verdict,
}
#[derive(Serialize, Deserialize, Validate, Debug)]
pub struct DestinationNATRule {
pub name: String,
pub services: Vec<String>,
pub source_addresses: Vec<String>,
pub destination_addresses: Vec<String>,
pub comment: String,
pub counter: bool,
pub dnat_address: String,
pub dnat_service: String,
}
#[derive(Serialize, Deserialize, Validate, Debug)]
pub struct SourceNATRule {
pub name: String,
pub services: Vec<String>,
pub source_addresses: Vec<String>,
pub destination_addresses: Vec<String>,
pub comment: String,
pub counter: bool,
pub snat_type: SNATType,
}
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "snake_case")]
pub enum Verdict {
Accept,
Drop,
Continue,
}
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "snake_case")]
pub enum SNATType {
SNAT {
snat_address: String,
snat_service: String,
},
Masquerade,
}
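Review bot: The three fields of Firewall (forward_rules, destination_nat_rules, source_nat_rules) are private, while every other struct in this commit and Config itself expose their fields with `pub`; as written, code outside the firewall module can only reach the rule lists through serde, which looks unintended. Making them `pub forward_rules: Vec<ForwardRule>,` (and likewise for the other two) matches the rest of the definitions. Separately, ForwardRule, DestinationNATRule and SourceNATRule derive Validate but declare no field validators, so validate() accepts a rule with an empty name; if names are meant to be non-empty, `#[validate(length(min = 1))] pub name: String,` expresses that.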


@ -0,0 +1,67 @@
use core::time;
use macaddr::MacAddr8;
use serde::{Deserialize, Serialize};
use std::net::IpAddr;
use validator::Validate;
#[derive(Serialize, Deserialize, Validate, Default, Debug)]
pub struct Service {
pub dhcp_servers: Vec<DHCPServer>,
pub dns_servers: Vec<DNSServer>,
pub ntp_servers: Vec<NTPServer>,
}
#[derive(Serialize, Deserialize, Validate, Debug)]
pub struct DHCPServer {
pub interface: String,
pub pool: Vec<String>,
pub lease_time: time::Duration,
pub gateway_mode: GatewayMode,
pub dns_server_mode: DNSServerMode,
pub ntp_server_mode: NTPServerMode,
pub reservations: Vec<Reservation>,
pub comment: String,
}
#[derive(Serialize, Deserialize, Validate, Debug)]
pub struct DNSServer {
pub interface: String,
pub comment: String,
}
#[derive(Serialize, Deserialize, Validate, Debug)]
pub struct NTPServer {
pub interface: String,
pub comment: String,
}
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "snake_case")]
pub enum GatewayMode {
None,
Interface,
Specify { gateway: String },
}
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "snake_case")]
pub enum DNSServerMode {
None,
Interface,
Specify { dns_servers: Vec<String> },
}
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "snake_case")]
pub enum NTPServerMode {
None,
Interface,
Specify { ntp_servers: Vec<String> },
}
#[derive(Serialize, Deserialize, Debug)]
pub struct Reservation {
pub ip_address: IpAddr,
pub hardware_address: MacAddr8,
pub comment: String,
}
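Review bot: Reservation.hardware_address is typed MacAddr8, which the macaddr crate uses for 8-octet EUI-64 addresses, so a 6-octet Ethernet MAC, the form DHCP reservations are normally keyed by, would be rejected on deserialization; if that is the intended use, `pub hardware_address: MacAddr6,` (with `use macaddr::MacAddr6;`) or the `MacAddr` enum that accepts either length fits better. Reservation is also the only struct in this file that does not derive Validate, so it would be skipped if DHCPServer.reservations is ever marked `#[validate]`. Minor: `use core::time;` paired with `time::Duration` reads oddly in an std crate; `std::time::Duration` is the conventional spelling.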

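--- a/src/definitions/system.rs
+++ b/src/definitions/system.rs
@@ -0,0 +1,15 @@
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use validator::Validate;
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct System {
+pub users: HashMap<String, User>,
+}
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct User {
+pub comment: String,
+pub hash: String,
+pub salt: String,
+}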
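Review bot: User derives Debug, so any `{:?}` of a System or of the enclosing Config prints hash and salt verbatim into whatever log or panic message receives it; a manual Debug impl that redacts both fields keeps the type printable without that leak. The derived Default is also questionable here: a default-constructed User has an empty hash and empty salt, i.e. a record with no credential, and System's own Default does not need it since HashMap implements Default on its own. The same Debug concern applies in vpn.rs to WireguardInterface.private_key and WireguardPeer.preshared_key. The derive line would become `#[derive(Serialize, Deserialize, Validate)]` with the impl below added.
```rust
// … unchanged: System definition …
#[derive(Serialize, Deserialize, Validate)]
pub struct User {
// … unchanged: comment, hash, salt fields …
}
impl std::fmt::Debug for User {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Credential material is deliberately not printed.
        f.debug_struct("User")
            .field("comment", &self.comment)
            .field("hash", &"<redacted>")
            .field("salt", &"<redacted>")
            .finish()
    }
}
```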

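--- a/src/definitions/vpn.rs
+++ b/src/definitions/vpn.rs
@@ -0,0 +1,33 @@
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use validator::Validate;
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct VPN {
+pub wireguard: Wireguard,
+}
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct Wireguard {
+pub interfaces: HashMap<String, WireguardInterface>,
+pub peers: HashMap<String, WireguardPeer>,
+}
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct WireguardInterface {
+pub public_key: String,
+pub private_key: String,
+pub listen_port: u64,
+pub peers: Vec<String>,
+pub comment: String,
+}
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct WireguardPeer {
+pub public_key: String,
+pub preshared_key: Option<String>,
+pub allowed_ips: Vec<String>,
+pub endpoint: Option<String>,
+pub persistent_keepalive: Option<u64>,
+pub comment: String,
+}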
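Review bot: WireguardInterface.listen_port is a u64 although a UDP port only spans 0-65535, so a value like 70000 passes deserialization and is only caught, if at all, when the WireGuard configuration is generated; `pub listen_port: u16,` lets serde reject it at parse time. WireguardPeer.persistent_keepalive has the same shape, since WireGuard's keepalive interval is likewise bounded by 65535 seconds, and `pub persistent_keepalive: Option<u16>,` would encode that. As with the other structs in this commit, WireguardInterface and WireguardPeer derive Validate without any field validators, so the derive currently adds nothing; either add constraints (for instance on the key strings) or leave a comment stating that validation is intentionally deferred.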