firewalld: Add routines to firewalld to mark traffic and masquerade
This CL adds routines to firewalld that mark network traffic based
on user id and set up masquerading rules for network
interfaces.
BUG=chromium:458075
TEST=Manual testing
Change-Id: I81e08f1c20bf99887ac87c9970fcc2a58dcd2355
Reviewed-on: https://chromium-review.googlesource.com/249111
Reviewed-by: Jorge Lucangeli Obes <[email protected]>
Tested-by: Prabhu Kaliamoorthi <[email protected]>
Commit-Queue: Prabhu Kaliamoorthi <[email protected]>
diff --git a/iptables.h b/iptables.h
index 9be18b3..92a891d 100644
--- a/iptables.h
+++ b/iptables.h
@@ -10,6 +10,7 @@
#include <set>
#include <string>
#include <utility>
+#include <vector>
#include <base/macros.h>
#include <chromeos/errors/error.h>
@@ -33,6 +34,11 @@
bool PlugTcpHole(uint16_t in_port, const std::string& in_interface) override;
bool PlugUdpHole(uint16_t in_port, const std::string& in_interface) override;
+ bool RequestVpnSetup(const std::vector<std::string>& usernames,
+ const std::string& interface) override;
+ bool RemoveVpnSetup(const std::vector<std::string>& usernames,
+ const std::string& interface) override;
+
protected:
// Test-only.
explicit IpTables(const std::string& ip4_path, const std::string& ip6_path);
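Review bot: The new public overrides `RequestVpnSetup` and `RemoveVpnSetup` have no comment saying what `usernames` and `interface` may contain or whether they are validated before being used to build firewall rules. Both are declared `override`, so callers presumably reach them through the base interface, which is outside this hunk along with the rest of the class. I would add a contract comment above the pair, for example `// Marks traffic of |usernames| and masquerades on |interface|. Returns false, leaving no rules behind, if any argument is rejected or a rule cannot be applied.` The implementation is not visible here, so please confirm the .cc rejects an empty or malformed interface name and unknown user names rather than passing them through to the iptables invocation.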
@@ -66,6 +72,18 @@
uint16_t port,
const std::string& interface);
+ bool ApplyVpnSetup(const std::vector<std::string>& usernames,
+ const std::string& interface,
+ bool add);
+
+ bool ApplyMasquerade(const std::string& interface,
+ bool add);
+
+ bool ApplyMarkForUserTraffic(const std::string& user_name,
+ bool add);
+
+ bool ApplyRuleForUserTraffic(bool add);
+
std::string ip4_exec_path_;
std::string ip6_exec_path_;
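Review bot: The private helpers `ApplyVpnSetup`, `ApplyMasquerade`, `ApplyMarkForUserTraffic` and `ApplyRuleForUserTraffic` are declared without any statement of what happens when one step fails after earlier ones succeeded. Judging by the signatures, `ApplyVpnSetup` applies a masquerade rule, a routing rule and one mark per user; if it returns false midway without undoing the earlier steps, a stale MASQUERADE or mark rule could stay in place after a failed request. A comment on `ApplyVpnSetup` such as `// Applies (add == true) or removes all VPN rules; on failure while adding, rules already applied are removed before returning false.` would fix the intended behaviour, and the .cc should match it. The bare `bool add` parameter also reads poorly at call sites, so annotating calls as `/* add = */ true` or using a small enum would help. The class body continues outside this hunk.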