Skip to content

Commit

Permalink
chore: Release dfw version 1.3.0
Browse files Browse the repository at this point in the history
  • Loading branch information
pitkley committed Jan 7, 2024
1 parent e743a1e commit 8b53569
Show file tree
Hide file tree
Showing 7 changed files with 41 additions and 39 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@

## Unreleased

## 1.3.0 (2024-01-07)

* Add [`same_network_verdict` option](https://dfw.rs/latest/dfw/types/struct.ContainerToContainer.html#structfield.same_network_verdict) to container-to-container configuration, enabling users to specify whether traffic between containers within the same network should be allowed or not.
* Replace library used to communicate with Docker (which also fixes [#411]).

Expand Down
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "dfw"
version = "1.3.0-rc.2"
version = "1.3.0"
edition = "2021"
authors = ["Pit Kleyersburg <[email protected]>"]
license = "MIT/Apache-2.0"
Expand Down
20 changes: 10 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -122,45 +122,45 @@ The general configuration happens across six categories:

This category defines global, default values to be used by DFW and the other categories.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.GlobalDefaults.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.GlobalDefaults.html)

* `backend_defaults`

This category defines configuration values that are specific to the firewall-backend used.

[Field reference for `nftables`.](https://dfw.rs/1.2.1/dfw/nftables/types/struct.Defaults.html)
[Field reference for `nftables`.](https://dfw.rs/1.3.0/dfw/nftables/types/struct.Defaults.html)

[Field reference for `iptables`.](https://dfw.rs/1.2.1/dfw/iptables/types/struct.Defaults.html)
[Field reference for `iptables`.](https://dfw.rs/1.3.0/dfw/iptables/types/struct.Defaults.html)

* `container_to_container`

This controls the communication between containers and across [Docker networks][docker-networks].

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToContainer.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToContainer.html)

* `container_to_wider_world`

This controls if and how containers may access the wider world, i.e. what they can communicate across the `OUTPUT` chain on the host.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToWiderWorld.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToWiderWorld.html)

* `container_to_host`

To restrict or allow access to the host, this section is used.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToHost.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToHost.html)

* `wider_world_to_container`

This controls how the wider world, i.e. whatever comes in through the `INPUT` chain on the host, can communicate with a container or a Docker network.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.WiderWorldToContainer.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.WiderWorldToContainer.html)

* `container_dnat`

This category allows you to define specific rules for destination network address translation, even or especially across Docker networks.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerDNAT.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerDNAT.html)

**See the [examples][examples] and [configuration types][types.rs] for detailed descriptions and examples of every configuration section.**

Expand Down Expand Up @@ -238,7 +238,7 @@ OPTIONS:

[docker-networks]: https://docs.docker.com/engine/userguide/networking/
[examples]: https://github.com/pitkley/dfw/tree/main/examples
[types.rs]: https://dfw.rs/1.2.1/dfw/types/index.html
[types.rs]: https://dfw.rs/1.3.0/dfw/types/index.html

## <a name="troubleshooting"></a> Troubleshooting

Expand Down Expand Up @@ -320,7 +320,7 @@ The Docker image for DFW is pre-built for the following architectures:
* `arm64` (a.k.a. `aarch64`)
* `arm/v7` (specifically `armhf`)

You don't have to do anything special to use the correct architecture: just `docker pull pitkley/dfw:1.2.1`.
You don't have to do anything special to use the correct architecture: just `docker pull pitkley/dfw:1.3.0`.
Docker will take care of pulling the image that matches the architecture of your host.

In general, DFW should be able to run on any architecture that [Rust supports][rust-platform-support] and for which the `nftables` or `iptables` binaries exist.
Expand Down
26 changes: 13 additions & 13 deletions docs/GETTING-STARTED-iptables.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,49 +51,49 @@ The general configuration happens across six categories:

This category defines global, default values to be used by DFW and the other categories.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.GlobalDefaults.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.GlobalDefaults.html)

* `backend_defaults`

This category defines configuration values that are specific to the firewall-backend used.

[Field reference for `iptables`.](https://dfw.rs/1.2.1/dfw/iptables/types/struct.Defaults.html)
[Field reference for `iptables`.](https://dfw.rs/1.3.0/dfw/iptables/types/struct.Defaults.html)

* `container_to_container`

This controls the communication between containers and across [Docker networks][docker-networks].

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToContainer.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToContainer.html)

* `container_to_wider_world`

This controls if and how containers may access the wider world, i.e. what they can communicate across the `OUTPUT` chain on the host.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToWiderWorld.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToWiderWorld.html)

* `container_to_host`

To restrict or allow access to the host, this section is used.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToHost.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToHost.html)

* `wider_world_to_container`

This controls how the wider world, i.e. whatever comes in through the `INPUT` chain on the host, can communicate with a container or a Docker network.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.WiderWorldToContainer.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.WiderWorldToContainer.html)

* `container_dnat`

This category allows you to define specific rules for destination network address translation, even or especially across Docker networks.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerDNAT.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerDNAT.html)

**See the [examples][examples] and [configuration types][types.rs] for detailed descriptions and examples of every configuration section.**

[docker-networks]: https://docs.docker.com/engine/userguide/networking/
[examples]: https://github.com/pitkley/dfw/tree/main/examples
[types.rs]: https://dfw.rs/1.2.1/dfw/types/index.html
[types.rs]: https://dfw.rs/1.3.0/dfw/types/index.html

## <a name="runningdfw"></a> Running DFW

Expand All @@ -107,13 +107,13 @@ You have a few options of running DFW:
### Using the official Docker image

```console
$ docker pull pitkley/dfw:1.2.1
$ docker pull pitkley/dfw:1.3.0
$ docker run -d \
--name=dfw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /path/to/your/config:/config \
--net host --cap-add=NET_ADMIN \
pitkley/dfw:1.2.1 --firewall-backend iptables --config-path /config
pitkley/dfw:1.3.0 --firewall-backend iptables --config-path /config
```

This will download a lightweight image, coming in at around 20 MB, and subsequently run it using your configuration.
Expand All @@ -122,8 +122,8 @@ The image supports multiple architectures: `amd64`, `arm64`, `armv7` (specifical
Please note that you can also pull the image from the GitHub container registry, GHCR, if you want to avoid potential pull-limitations Docker Hub has put in place:

```console
$ docker pull ghcr.io/pitkley/dfw:1.2.1
$ docker run ... ghcr.io/pitkley/dfw:1.2.1 ...
$ docker pull ghcr.io/pitkley/dfw:1.3.0
$ docker run ... ghcr.io/pitkley/dfw:1.3.0 ...
```

### Using a pre-built binary directly on your host.
Expand All @@ -140,7 +140,7 @@ For this you need to first [install Rust][rustlang-install] and then install DFW
```console
$ cargo install dfw
$ dfw --help
dfw 1.2.1
dfw 1.3.0
Docker Firewall Framework, in Rust
...
```
Expand Down
26 changes: 13 additions & 13 deletions docs/GETTING-STARTED-nftables.md
Original file line number Diff line number Diff line change
Expand Up @@ -109,49 +109,49 @@ The general configuration happens across six categories:

This category defines global, default values to be used by DFW and the other categories.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.GlobalDefaults.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.GlobalDefaults.html)

* `backend_defaults`

This category defines configuration values that are specific to the firewall-backend used.

[Field reference for `nftables`.](https://dfw.rs/1.2.1/dfw/nftables/types/struct.Defaults.html)
[Field reference for `nftables`.](https://dfw.rs/1.3.0/dfw/nftables/types/struct.Defaults.html)

* `container_to_container`

This controls the communication between containers and across [Docker networks][docker-networks].

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToContainer.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToContainer.html)

* `container_to_wider_world`

This controls if and how containers may access the wider world, i.e. what they can communicate across the `OUTPUT` chain on the host.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToWiderWorld.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToWiderWorld.html)

* `container_to_host`

To restrict or allow access to the host, this section is used.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerToHost.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerToHost.html)

* `wider_world_to_container`

This controls how the wider world, i.e. whatever comes in through the `INPUT` chain on the host, can communicate with a container or a Docker network.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.WiderWorldToContainer.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.WiderWorldToContainer.html)

* `container_dnat`

This category allows you to define specific rules for destination network address translation, even or especially across Docker networks.

[Field reference.](https://dfw.rs/1.2.1/dfw/types/struct.ContainerDNAT.html)
[Field reference.](https://dfw.rs/1.3.0/dfw/types/struct.ContainerDNAT.html)

**See the [examples][examples] and [configuration types][types.rs] for detailed descriptions and examples of every configuration section.**

[docker-networks]: https://docs.docker.com/engine/userguide/networking/
[examples]: https://github.com/pitkley/dfw/tree/main/examples
[types.rs]: https://dfw.rs/1.2.1/dfw/types/index.html
[types.rs]: https://dfw.rs/1.3.0/dfw/types/index.html

## <a name="runningdfw"></a> Running DFW

Expand All @@ -163,13 +163,13 @@ You have two general options of running DFW:
### Using the official Docker image

```console
$ docker pull pitkley/dfw:1.2.1
$ docker pull pitkley/dfw:1.3.0
$ docker run -d \
--name=dfw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /path/to/your/config:/config \
--net host --cap-add=NET_ADMIN \
pitkley/dfw:1.2.1 --config-path /config
pitkley/dfw:1.3.0 --config-path /config
```

This will download a lightweight image, coming in at around 20 MB, and subsequently run it using your configuration.
Expand All @@ -178,8 +178,8 @@ The image supports multiple architectures: `amd64`, `arm64`, `armv7` (specifical
Please note that you can also pull the image from the GitHub container registry, GHCR, if you want to avoid potential pull-limitations Docker Hub has put in place:

```console
$ docker pull ghcr.io/pitkley/dfw:1.2.1
$ docker run ... ghcr.io/pitkley/dfw:1.2.1 ...
$ docker pull ghcr.io/pitkley/dfw:1.3.0
$ docker run ... ghcr.io/pitkley/dfw:1.3.0 ...
```

### Using a pre-built binary directly on your host.
Expand All @@ -196,7 +196,7 @@ For this you need to first [install Rust][rustlang-install] and then install DFW
```console
$ cargo install dfw
$ dfw --help
dfw 1.2.1
dfw 1.3.0
Docker Firewall Framework, in Rust
...
```
Expand Down
2 changes: 1 addition & 1 deletion examples/reverseproxy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v dfw.toml:/config/dfw.toml \
--net host --cap-add=NET_ADMIN \
pitkley/dfw:1.2.1 --config-file /config/dfw.toml
pitkley/dfw:1.3.0 --config-file /config/dfw.toml
```

(*Please note:* DFW will use the nftables firewall backend by default. If you want to use iptables, provide the `--firewall-backend iptables` command-line argument.)
Expand Down

0 comments on commit 8b53569

Please sign in to comment.