XDP 防火墙
看到平台使用了XDP高性能防火墙,从网上了解了一下它的优越性,想了解底层是如何是实现的
看到日志有一些规则:
[20 16:54:12.796] [info] [1373] RULE: 1 enable: true
[20 16:54:12.796] [info] [1373] Ifname: enp6s0-2
[20 16:54:12.796] [info] [1373] Flowdir: rx
[20 16:54:12.796] [info] [1373] Rule Protocol: ALL
[20 16:54:12.796] [info] [1373] Rule Action: PASS
[20 16:54:12.796] [info] [1373] Priority: 0
[20 16:54:12.796] [info] [1373] Ports setting type: 1
[20 16:54:12.799] [info] [1373] Port range: 1-65535
[20 16:54:12.815] [info] [1373] IP setting type: 0-single/all
[20 16:54:12.815] [info] [1373] IP: All([::0.0.0.0])
[20 16:54:12.815] [info] [1373] RULE: 2 enable: true
[20 16:54:12.815] [info] [1373] Ifname: enp1s0f0-4
[20 16:54:12.815] [info] [1373] Flowdir: rx
[20 16:54:12.815] [info] [1373] Rule Protocol: ALL
[20 16:54:12.815] [info] [1373] Rule Action: PASS
[20 16:54:12.815] [info] [1373] Priority: 1
[20 16:54:12.815] [info] [1373] Ports setting type: 1
[20 16:54:12.817] [info] [1373] Port range: 1-65535
[20 16:54:12.821] [info] [1373] IP setting type: 0-single/all
[20 16:54:12.821] [info] [1373] IP: All([::0.0.0.0])
同时他还可以配置IP地址国家白名单,感觉很有用,想深入了解一下实现方式,请大神有了解的给介绍一下,谢谢。
[20 16:54:12.862] [info] [1373] RULE: 11 enable: true
[20 16:54:12.862] [info] [1373] Ifname: enp5s0-3
[20 16:54:12.862] [info] [1373] Flowdir: tx
[20 16:54:12.862] [info] [1373] Rule Protocol: ALL
[20 16:54:12.862] [info] [1373] Rule Action: PASS
[20 16:54:12.862] [info] [1373] Priority: 10
[20 16:54:12.862] [info] [1373] Ports setting type: 1
[20 16:54:12.864] [info] [1373] Port range: 1-65535
[20 16:54:12.866] [info] [1373] IP setting type: 2-country
[20 16:54:12.866] [info] [1373] IP Country: CN
[20 16:54:12.866] [info] [1373] Rule has changed, reload rule
另外我还想知道,从哪里获取到的各个国家的ipv4和ipv6地址的。
