iptables

package
v1.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	NATTable    = "nat"
	FilterTable = "filter"
	MangleTable = "mangle"
	RawTable    = "raw"

	AcceptTarget     = "ACCEPT"
	DropTarget       = "DROP"
	MasqueradeTarget = "MASQUERADE"
	MarkTarget       = "MARK"
	ReturnTarget     = "RETURN"
	ConnTrackTarget  = "CT"
	NoTrackTarget    = "NOTRACK"
	SNATTarget       = "SNAT"
	DNATTarget       = "DNAT"
	RejectTarget     = "REJECT"

	PreRoutingChain  = "PREROUTING"
	InputChain       = "INPUT"
	ForwardChain     = "FORWARD"
	PostRoutingChain = "POSTROUTING"
	OutputChain      = "OUTPUT"
)
View Source 
const (
	ProtocolTCP    = "tcp"
	ProtocolUDP    = "udp"
	ProtocolSCTP   = "sctp"
	ProtocolICMP   = "icmp"
	ProtocolICMPv6 = "icmp6"
)
View Source 
const (
	XtablesLockFilePath = "/var/run/xtables.lock"
)

Variables

This section is empty.

Functions

func IsIPv6Protocol added in v1.15.0 

func IsIPv6Protocol(protocol Protocol) bool

func Lock 

func Lock(lockFilePath string, timeout time.Duration) (func() error, error)

Lock acquires the provided file lock. It's thread-safe. It will block until the lock is acquired or the timeout is reached.

func MakeChainLine 

func MakeChainLine(chain string) string

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func New 

func New(enableIPV4, enableIPV6 bool) (*Client, error)

func (*Client) AppendRule added in v1.2.1 

func (c *Client) AppendRule(protocol Protocol, table string, chain string, ruleSpec []string) error

AppendRule checks if target rule already exists with the protocol, appends it if not.

func (*Client) ChainExists 

func (c *Client) ChainExists(protocol Protocol, table string, chain string) (bool, error)

ChainExists checks if target chain already exists in a table

func (*Client) DeleteChain 

func (c *Client) DeleteChain(protocol Protocol, table string, chain string) error

DeleteChain deletes all rules from a chain in a table and then delete the chain.

func (*Client) DeleteRule 

func (c *Client) DeleteRule(protocol Protocol, table string, chain string, ruleSpec []string) error

DeleteRule checks if target rule already exists, deletes the rule if found.

func (*Client) EnsureChain 

func (c *Client) EnsureChain(protocol Protocol, table string, chain string) error

EnsureChain checks if target chain already exists, creates it if not.

func (*Client) InsertRule 

func (c *Client) InsertRule(protocol Protocol, table string, chain string, ruleSpec []string) error

InsertRule checks if target rule already exists, inserts it at the beginning of the chain if not.

func (*Client) ListRules 

func (c *Client) ListRules(table string, chain string) ([]string, error)

ListRules lists all rules from a chain in a table.

func (*Client) Restore 

func (c *Client) Restore(data string, flush bool, useIPv6 bool) error

Restore calls iptable-restore to restore iptables with the provided content. If flush is true, all previous contents of the respective tables will be flushed. Otherwise only involved chains will be flushed. Restore supports "ip6tables-restore" for IPv6.

func (*Client) Save 

func (c *Client) Save() ([]byte, error)

Save calls iptables-saves to dump chains and tables in iptables.

type IPTablesRule added in v1.15.0 

type IPTablesRule interface {
	GetRule() string
}

type IPTablesRuleBuilder added in v1.15.0 

type IPTablesRuleBuilder interface {
	MatchCIDRSrc(cidr string) IPTablesRuleBuilder
	MatchCIDRDst(cidr string) IPTablesRuleBuilder
	MatchIPSetSrc(ipset string) IPTablesRuleBuilder
	MatchIPSetDst(ipset string) IPTablesRuleBuilder
	MatchTransProtocol(protocol string) IPTablesRuleBuilder
	MatchDstPort(port *intstr.IntOrString, endPort *int32) IPTablesRuleBuilder
	MatchSrcPort(port, endPort *int32) IPTablesRuleBuilder
	MatchICMP(icmpType, icmpCode *int32, ipProtocol Protocol) IPTablesRuleBuilder
	MatchEstablishedOrRelated() IPTablesRuleBuilder
	MatchInputInterface(interfaceName string) IPTablesRuleBuilder
	MatchOutputInterface(interfaceName string) IPTablesRuleBuilder
	SetTarget(target string) IPTablesRuleBuilder
	SetComment(comment string) IPTablesRuleBuilder
	CopyBuilder() IPTablesRuleBuilder
	Done() IPTablesRule
}

func NewRuleBuilder added in v1.15.0 

func NewRuleBuilder(chain string) IPTablesRuleBuilder

type Interface added in v1.7.3 

type Interface interface {
	EnsureChain(protocol Protocol, table string, chain string) error

	ChainExists(protocol Protocol, table string, chain string) (bool, error)

	AppendRule(protocol Protocol, table string, chain string, ruleSpec []string) error

	InsertRule(protocol Protocol, table string, chain string, ruleSpec []string) error

	DeleteRule(protocol Protocol, table string, chain string, ruleSpec []string) error

	DeleteChain(protocol Protocol, table string, chain string) error

	ListRules(table string, chain string) ([]string, error)

	Restore(data string, flush bool, useIPv6 bool) error

	Save() ([]byte, error)
}

type Protocol 

type Protocol byte
const (
	ProtocolDual Protocol = iota
	ProtocolIPv4
	ProtocolIPv6
)

func (Protocol) String added in v1.2.1 

func (p Protocol) String() string

Source Files

View all Source files

Directories

Path Synopsis
Code generated by MockGen.
 Code generated by MockGen.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.