feat(core): implement ForwardingPolicy with rule-based allow/deny
Add ForwardingPolicy, ForwardingAction, ForwardingRule, and TargetPattern types in config/forwarding.rs. Implement policy evaluation with first-match wins semantics, principal and transport matching, CIDR and glob patterns. Modify ServerHandler to check ForwardingPolicy before proxying in channel_open_direct_tcpip. Reserved alknet-* destinations bypass policy. Preserve existing behavior with default allow_all() policy.
This commit is contained in:
@@ -1,10 +1,11 @@
|
||||
pub mod config_service;
|
||||
pub mod dynamic_config;
|
||||
pub mod forwarding;
|
||||
pub mod static_config;
|
||||
|
||||
pub use config_service::ConfigServiceImpl;
|
||||
pub use dynamic_config::{
|
||||
new_dynamic_config, AuthPolicy, ConfigReloadHandle, DynamicConfig, ForwardingAction,
|
||||
ForwardingPolicy, ForwardingRule, RateLimitConfig,
|
||||
new_dynamic_config, AuthPolicy, ConfigReloadHandle, DynamicConfig, RateLimitConfig,
|
||||
};
|
||||
pub use forwarding::{ForwardingAction, ForwardingPolicy, ForwardingRule, TargetPattern};
|
||||
pub use static_config::StaticConfig;
|
||||
|
||||
Reference in New Issue
Block a user