Documentation ¶
Index ¶
- Variables
- func AllowIP(ip string, serverId int64) (canGoNext bool, inAllowList bool)
- func AllowIPStrings(ipStrings []string, serverId int64) bool
- func IsFatalError(err error) bool
- func IsInWhiteList(ip string) bool
- func NewFataError(err string) error
- type ActionInterface
- type ActionManager
- func (this *ActionManager) AddItem(listType IPListType, item *pb.IPItem)
- func (this *ActionManager) DeleteItem(listType IPListType, item *pb.IPItem)
- func (this *ActionManager) FindEventActions(eventLevel string) []ActionInterface
- func (this *ActionManager) UpdateActions(actions []*firewallconfigs.FirewallActionConfig)
- type BaseAction
- type FataError
- type FirewalldAction
- type HTMLAction
- func (this *HTMLAction) AddItem(listType IPListType, item *pb.IPItem) error
- func (this *HTMLAction) Close() error
- func (this *HTMLAction) DeleteItem(listType IPListType, item *pb.IPItem) error
- func (this *HTMLAction) DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)
- func (this *HTMLAction) Init(config *firewallconfigs.FirewallActionConfig) error
- type HTTPAPIAction
- type IPItem
- type IPItemType
- type IPList
- type IPListDB
- type IPListManager
- type IPListType
- type IPSetAction
- func (this *IPSetAction) AddItem(listType IPListType, item *pb.IPItem) error
- func (this *IPSetAction) DeleteItem(listType IPListType, item *pb.IPItem) error
- func (this *IPSetAction) Init(config *firewallconfigs.FirewallActionConfig) error
- func (this *IPSetAction) SetConfig(config *firewallconfigs.FirewallActionIPSetConfig)
- type IPTablesAction
- type Result
- type ScriptAction
- type ServerListManager
Constants ¶
This section is empty.
Variables ¶
// GlobalBlackIPList is a package-level list created by NewIPList when the package is initialised.
// NOTE(review): the name suggests it holds denied addresses that apply across servers — confirm against callers.
// It is an exported variable, so any importing package can replace the list it points to.
var GlobalBlackIPList = NewIPList()
// GlobalWhiteIPList is a package-level list created by NewIPList when the package is initialised.
// NOTE(review): the name suggests it holds allowed addresses that apply across servers — confirm against callers.
// It is an exported variable, so any importing package can replace the list it points to.
var GlobalWhiteIPList = NewIPList()
// IPListUpdateNotify is a bool channel with a buffer of one element.
// NOTE(review): presumably used to signal that the IP lists changed; the senders and receivers are not visible here — confirm.
// With a capacity of 1, a second send blocks until the pending value is received unless the sender uses a non-blocking select.
var IPListUpdateNotify = make(chan bool, 1)
Functions ¶
func AllowIPStrings ¶
AllowIPStrings 检查一组IP是否被允许访问
func IsFatalError ¶
func NewFataError ¶
Types ¶
type ActionInterface ¶
// ActionInterface is the method set every action type in this package provides.
type ActionInterface interface {
	// Init initialises the action from config.
	Init(config *firewallconfigs.FirewallActionConfig) error

	// AddItem adds item for the given list type.
	AddItem(listType IPListType, item *pb.IPItem) error

	// DeleteItem deletes item for the given list type.
	DeleteItem(listType IPListType, item *pb.IPItem) error

	// Close closes the action.
	Close() error

	// DoHTTP handles an HTTP request.
	// NOTE(review): goNext presumably tells the caller whether request processing should continue — confirm against the implementations.
	DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)
}
type ActionManager ¶
type ActionManager struct {
// contains filtered or unexported fields
}
ActionManager 动作管理器定义
func (*ActionManager) AddItem ¶
func (this *ActionManager) AddItem(listType IPListType, item *pb.IPItem)
AddItem 执行添加IP动作
func (*ActionManager) DeleteItem ¶
func (this *ActionManager) DeleteItem(listType IPListType, item *pb.IPItem)
DeleteItem 执行删除IP动作
func (*ActionManager) FindEventActions ¶
func (this *ActionManager) FindEventActions(eventLevel string) []ActionInterface
FindEventActions 查找事件对应的动作
func (*ActionManager) UpdateActions ¶
func (this *ActionManager) UpdateActions(actions []*firewallconfigs.FirewallActionConfig)
UpdateActions 更新配置
type BaseAction ¶
// BaseAction is an empty struct embedded by the action types on this page
// (FirewalldAction, HTMLAction, HTTPAPIAction, IPSetAction, IPTablesAction, ScriptAction).
// It carries the Close and DoHTTP methods, so an embedding type gets them without declaring its own.
type BaseAction struct { }
func (*BaseAction) Close ¶
func (this *BaseAction) Close() error
func (*BaseAction) DoHTTP ¶
func (this *BaseAction) DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)
DoHTTP 处理HTTP请求
type FataError ¶
type FataError struct {
// contains filtered or unexported fields
}
FataError 是否是致命错误
type FirewalldAction ¶
type FirewalldAction struct { BaseAction // contains filtered or unexported fields }
FirewalldAction Firewalld动作管理 常用命令:
- 查询列表: firewall-cmd --list-all
- 添加IP:firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.168.2.32' reject" --timeout=30s
- 删除IP:firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.168.2.32' reject" --timeout=30s
func NewFirewalldAction ¶
func NewFirewalldAction() *FirewalldAction
func (*FirewalldAction) AddItem ¶
func (this *FirewalldAction) AddItem(listType IPListType, item *pb.IPItem) error
func (*FirewalldAction) DeleteItem ¶
func (this *FirewalldAction) DeleteItem(listType IPListType, item *pb.IPItem) error
func (*FirewalldAction) Init ¶
func (this *FirewalldAction) Init(config *firewallconfigs.FirewallActionConfig) error
type HTMLAction ¶
type HTMLAction struct { BaseAction // contains filtered or unexported fields }
HTMLAction HTML动作
func (*HTMLAction) AddItem ¶
func (this *HTMLAction) AddItem(listType IPListType, item *pb.IPItem) error
AddItem 添加
func (*HTMLAction) DeleteItem ¶
func (this *HTMLAction) DeleteItem(listType IPListType, item *pb.IPItem) error
DeleteItem 删除
func (*HTMLAction) DoHTTP ¶
func (this *HTMLAction) DoHTTP(req *http.Request, resp http.ResponseWriter) (goNext bool, err error)
DoHTTP 处理HTTP请求
func (*HTMLAction) Init ¶
func (this *HTMLAction) Init(config *firewallconfigs.FirewallActionConfig) error
Init 初始化
type HTTPAPIAction ¶
type HTTPAPIAction struct { BaseAction // contains filtered or unexported fields }
func NewHTTPAPIAction ¶
func NewHTTPAPIAction() *HTTPAPIAction
func (*HTTPAPIAction) AddItem ¶
func (this *HTTPAPIAction) AddItem(listType IPListType, item *pb.IPItem) error
func (*HTTPAPIAction) DeleteItem ¶
func (this *HTTPAPIAction) DeleteItem(listType IPListType, item *pb.IPItem) error
func (*HTTPAPIAction) Init ¶
func (this *HTTPAPIAction) Init(config *firewallconfigs.FirewallActionConfig) error
type IPItem ¶
// IPItem is one IP list entry; the struct tags give its JSON field names.
//
// NOTE(review): IPFrom and IPTo are uint64, which cannot hold a full 128-bit IPv6 address,
// yet IPItemTypeIPv6 exists. How IPv6 entries are encoded is not visible here — confirm
// before relying on range matching for IPv6.
type IPItem struct {
	// Type is a plain string. NOTE(review): presumably one of the IPItemType values — nothing in this declaration enforces that.
	Type string `json:"type"`
	// Id is the numeric identifier of the entry.
	Id uint64 `json:"id"`
	// IPFrom: NOTE(review): presumably the numeric start of the address range — confirm.
	IPFrom uint64 `json:"ipFrom"`
	// IPTo: NOTE(review): presumably the numeric end of the address range; the meaning of 0 is not visible here.
	IPTo uint64 `json:"ipTo"`
	// ExpiredAt: NOTE(review): presumably a Unix timestamp; whether 0 means "never expires" is not visible here — confirm.
	ExpiredAt int64 `json:"expiredAt"`
	// EventLevel: NOTE(review): presumably compared with the eventLevel argument of ActionManager.FindEventActions — confirm.
	EventLevel string `json:"eventLevel"`
}
IPItem IP条目
type IPItemType ¶
// IPItemType is the kind of an IP item: IPv4, IPv6 or all IPs.
// It is declared as an alias of string (note the "="), so the compiler accepts any string where an IPItemType is expected.
type IPItemType = string

const (
	IPItemTypeIPv4 IPItemType = "ipv4" // IPv4
	IPItemTypeIPv6 IPItemType = "ipv6" // IPv6
	IPItemTypeAll  IPItemType = "all"  // all IPs
)
type IPList ¶
type IPList struct {
// contains filtered or unexported fields
}
IPList IP名单
TODO: IP名单可以分片关闭,这样让每一片的数据量减少,查询更快
func (*IPList) ContainsIPStrings ¶
ContainsIPStrings 是否包含一组IP中的任意一个,并返回匹配的第一个Item
type IPListDB ¶
type IPListDB struct {
// contains filtered or unexported fields
}
func NewIPListDB ¶
func (*IPListDB) DeleteExpiredItems ¶
DeleteExpiredItems 删除过期的条目
func (*IPListDB) ReadMaxVersion ¶
ReadMaxVersion 读取当前最大版本号
type IPListManager ¶
type IPListManager struct {
// contains filtered or unexported fields
}
IPListManager IP名单管理
func NewIPListManager ¶
func NewIPListManager() *IPListManager
func (*IPListManager) FindList ¶
func (this *IPListManager) FindList(listId int64) *IPList
func (*IPListManager) Start ¶
func (this *IPListManager) Start()
func (*IPListManager) Stop ¶
func (this *IPListManager) Stop()
type IPListType ¶
// IPListType distinguishes the two kinds of IP list declared below.
// It is declared as an alias of string (note the "="), so the compiler does not restrict values to these two constants.
type IPListType = string

const (
	IPListTypeWhite IPListType = "white" // NOTE(review): presumably the allow list — confirm
	IPListTypeBlack IPListType = "black" // NOTE(review): presumably the deny list — confirm
)
type IPSetAction ¶
type IPSetAction struct { BaseAction // contains filtered or unexported fields }
IPSetAction IPSet动作 相关命令:
- 利用Firewalld管理set:
- 添加:firewall-cmd --permanent --new-ipset=edge_ip_list --type=hash:ip --option="timeout=0"
- 删除:firewall-cmd --permanent --delete-ipset=edge_ip_list
- 重载:firewall-cmd --reload
- firewalld+ipset: firewall-cmd --permanent --add-rich-rule="rule source ipset='edge_ip_list' reject"
- 利用IPTables管理set:
- 添加:iptables -A INPUT -m set --match-set edge_ip_list src -j REJECT
- 添加Item:ipset add edge_ip_list 192.168.2.32 timeout 30
- 删除Item: ipset del edge_ip_list 192.168.2.32
- 创建set:ipset create edge_ip_list hash:ip timeout 0
- 查看统计:ipset -t list edge_black_list
- 删除set:ipset destroy edge_black_list
func NewIPSetAction ¶
func NewIPSetAction() *IPSetAction
func (*IPSetAction) AddItem ¶
func (this *IPSetAction) AddItem(listType IPListType, item *pb.IPItem) error
func (*IPSetAction) DeleteItem ¶
func (this *IPSetAction) DeleteItem(listType IPListType, item *pb.IPItem) error
func (*IPSetAction) Init ¶
func (this *IPSetAction) Init(config *firewallconfigs.FirewallActionConfig) error
func (*IPSetAction) SetConfig ¶
func (this *IPSetAction) SetConfig(config *firewallconfigs.FirewallActionIPSetConfig)
type IPTablesAction ¶
type IPTablesAction struct { BaseAction // contains filtered or unexported fields }
IPTablesAction IPTables动作 相关命令:
iptables -A INPUT -s "192.168.2.32" -j ACCEPT
iptables -A INPUT -s "192.168.2.32" -j REJECT
iptables -D INPUT ...
iptables -F INPUT
func NewIPTablesAction ¶
func NewIPTablesAction() *IPTablesAction
func (*IPTablesAction) AddItem ¶
func (this *IPTablesAction) AddItem(listType IPListType, item *pb.IPItem) error
func (*IPTablesAction) DeleteItem ¶
func (this *IPTablesAction) DeleteItem(listType IPListType, item *pb.IPItem) error
func (*IPTablesAction) Init ¶
func (this *IPTablesAction) Init(config *firewallconfigs.FirewallActionConfig) error
type ScriptAction ¶
type ScriptAction struct { BaseAction // contains filtered or unexported fields }
ScriptAction 脚本命令动作
func NewScriptAction ¶
func NewScriptAction() *ScriptAction
func (*ScriptAction) AddItem ¶
func (this *ScriptAction) AddItem(listType IPListType, item *pb.IPItem) error
func (*ScriptAction) DeleteItem ¶
func (this *ScriptAction) DeleteItem(listType IPListType, item *pb.IPItem) error
func (*ScriptAction) Init ¶
func (this *ScriptAction) Init(config *firewallconfigs.FirewallActionConfig) error
type ServerListManager ¶
type ServerListManager struct {
// contains filtered or unexported fields
}
ServerListManager 服务相关名单
func NewServerListManager ¶
func NewServerListManager() *ServerListManager
func (*ServerListManager) FindBlackList ¶
func (this *ServerListManager) FindBlackList(serverId int64, autoCreate bool) *IPList
func (*ServerListManager) FindWhiteList ¶
func (this *ServerListManager) FindWhiteList(serverId int64, autoCreate bool) *IPList
Source Files ¶
- action_base.go
- action_errors.go
- action_firewalld.go
- action_html.go
- action_http_api.go
- action_interface.go
- action_ipset.go
- action_iptables.go
- action_manager.go
- action_script.go
- action_utils.go
- init.go
- ip_item.go
- ip_list.go
- ip_list_db.go
- list_type.go
- list_utils.go
- manager_ip_list.go
- result.go
- server_list_manager.go