pbf

package
v0.10.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 16, 2023 License: ISC Imports: 7 Imported by: 3

Documentation

Overview

Package pbf is the client.Policies.PolicyBasedForwarding namespace.

Normalized object: Entry

Index

Constants

View Source 
const (
	FromTypeZone      = "zone"
	FromTypeInterface = "interface"
)

Valid FromType values.

View Source 
const (
	ForwardNextHopTypeIpAddress = "ip-address"
	ForwardNextHopTypeFqdn      = "fqdn"
)

Valid ForwardNextHopType values.

View Source 
const (
	ActionForward     = "forward"
	ActionVsysForward = "forward-to-vsys"
	ActionDiscard     = "discard"
	ActionNoPbf       = "no-pbf"
)

Valid Action values.

Variables

This section is empty.

Functions

func RulesMatch added in v0.7.0 

func RulesMatch(a, b Entry) bool

Types

type Entry 

type Entry struct {
	Name                               string
	Description                        string
	Tags                               []string // ordered
	FromType                           string
	FromValues                         []string // unordered
	SourceAddresses                    []string // unordered
	SourceUsers                        []string // unordered
	NegateSource                       bool
	DestinationAddresses               []string // unordered
	NegateDestination                  bool
	Applications                       []string // unordered
	Services                           []string // unordered
	Schedule                           string
	Disabled                           bool
	Action                             string
	ForwardVsys                        string
	ForwardEgressInterface             string
	ForwardNextHopType                 string
	ForwardNextHopValue                string
	ForwardMonitorProfile              string
	ForwardMonitorIpAddress            string
	ForwardMonitorDisableIfUnreachable bool
	EnableEnforceSymmetricReturn       bool
	SymmetricReturnAddresses           []string // ordered
	ActiveActiveDeviceBinding          string
	Targets                            map[string][]string
	NegateTarget                       bool
	Uuid                               string // 9.0+
	GroupTag                           string // 9.0+
}

Entry is a normalized, version independent representation of a policy based forwarding rule.

Targets is a map where the key is the serial number of the target device and the value is a list of specific vsys on that device. The list of vsys is nil if all vsys on that device should be included or if the device is a virtual firewall (and thus only has vsys1).

func (*Entry) Copy 

func (o *Entry) Copy(s Entry)

Copy copies the information from source Entry `s` to this object. As the Name and Uuid fields relates to the identify of this object, they are not copied.

func (Entry) Specify added in v0.5.0 

func (o Entry) Specify(v version.Number) (string, interface{})

type Firewall added in v0.5.0 

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall is the client.Policies.PolicyBasedForwarding namespace.

func FirewallNamespace added in v0.5.0 

func FirewallNamespace(client util.XapiClient) *Firewall

FirewallNamespace returns an initialized namespace.

func (*Firewall) AllFromPanosConfig added in v0.7.0 

func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Firewall) AuditCommentHistory added in v0.6.0 

func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Firewall) ConfigureRules added in v0.7.0 

func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevRules but not in the rules param will be deleted.

func (*Firewall) CurrentAuditComment added in v0.6.0 

func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Firewall) Delete added in v0.5.0 

func (c *Firewall) Delete(vsys string, e ...interface{}) error

Delete performs DELETE to remove the specified objects.

Objects can be either a string or an Entry object.

func (*Firewall) Edit added in v0.5.0 

func (c *Firewall) Edit(vsys string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Firewall) FromPanosConfig added in v0.7.0 

func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Firewall) Get added in v0.5.0 

func (c *Firewall) Get(vsys, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Firewall) GetAll added in v0.5.0 

func (c *Firewall) GetAll(vsys string) ([]Entry, error)

GetAll performs GET to retrieve all objects configured.

func (*Firewall) GetList added in v0.5.0 

func (c *Firewall) GetList(vsys string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Firewall) HitCount added in v0.5.0 

func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error)

HitCount gets the rule hit count for the given rules.

If the rules param is nil, then the hit count for all rules is returned.

func (*Firewall) MoveGroup added in v0.5.0 

func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of policy based forwarding rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Firewall) Set added in v0.5.0 

func (c *Firewall) Set(vsys string, e ...Entry) error

Set performs SET to configure the specified objects.

func (*Firewall) SetAuditComment added in v0.6.0 

func (c *Firewall) SetAuditComment(vsys, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Firewall) Show added in v0.5.0 

func (c *Firewall) Show(vsys, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Firewall) ShowAll added in v0.5.0 

func (c *Firewall) ShowAll(vsys string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Firewall) ShowList added in v0.5.0 

func (c *Firewall) ShowList(vsys string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.

type Panorama added in v0.5.0 

type Panorama struct {
	// contains filtered or unexported fields
}

Panorama is the client.Policies.PolicyBasedForwarding namespace.

The "dg" param in these functions is the device group.

The "base" param in these functions should be one of the rulebase constants in the "util" package.

func PanoramaNamespace added in v0.5.0 

func PanoramaNamespace(client util.XapiClient) *Panorama

PanoramaNamespace returns an initialized namespace.

func (*Panorama) AllFromPanosConfig added in v0.7.0 

func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Panorama) AuditCommentHistory added in v0.6.0 

func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Panorama) ConfigureRules added in v0.7.0 

func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevRules but not in the rules param will be deleted.

func (*Panorama) CurrentAuditComment added in v0.6.0 

func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Panorama) Delete added in v0.5.0 

func (c *Panorama) Delete(dg, base string, e ...interface{}) error

Delete removes the given objects.

Objects can be a string or an Entry object.

func (*Panorama) Edit added in v0.5.0 

func (c *Panorama) Edit(dg, base string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Panorama) FromPanosConfig added in v0.7.0 

func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Panorama) Get added in v0.5.0 

func (c *Panorama) Get(dg, base, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Panorama) GetAll added in v0.5.0 

func (c *Panorama) GetAll(dg, base string) ([]Entry, error)

GetAll performs GET to retrieve information for all objects.

func (*Panorama) GetList added in v0.5.0 

func (c *Panorama) GetList(dg, base string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Panorama) MoveGroup added in v0.5.0 

func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of policy based forwarding rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Panorama) Set added in v0.5.0 

func (c *Panorama) Set(dg, base string, e ...Entry) error

Set performs SET to create / update one or more objects.

func (*Panorama) SetAuditComment added in v0.6.0 

func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Panorama) Show added in v0.5.0 

func (c *Panorama) Show(dg, base, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Panorama) ShowAll added in v0.5.0 

func (c *Panorama) ShowAll(dg, base string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Panorama) ShowList added in v0.5.0 

func (c *Panorama) ShowList(dg, base string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.