Documentation ¶
Index ¶
- Constants
- Variables
- type Config
- type INFTables
- type NFTables
- func (nft *NFTables) ApplyBase(c *nftables.Conn) error
- func (nft *NFTables) ApplyDefault(flag int) error
- func (nft *NFTables) ApplyFilterRule(c *nftables.Conn, flag int) (err error)
- func (nft *NFTables) Ban(ipAddresses []string, timeout time.Duration) error
- func (nft *NFTables) ChainForward() *nftables.Chain
- func (nft *NFTables) ChainInput() *nftables.Chain
- func (nft *NFTables) ChainOutput() *nftables.Chain
- func (nft *NFTables) ChainPostrouting() *nftables.Chain
- func (nft *NFTables) ChainPrerouting() *nftables.Chain
- func (nft *NFTables) Cleanup() error
- func (nft *NFTables) DeleteAll(c *nftables.Conn)
- func (nft *NFTables) DeleteChain(c *nftables.Conn, chains ...*nftables.Chain)
- func (nft *NFTables) DeleteSet(c *nftables.Conn, sets ...*nftables.Set)
- func (nft *NFTables) Do(f func(conn *nftables.Conn) error) error
- func (nft *NFTables) FilterSetBlacklistIP() *nftables.Set
- func (nft *NFTables) FilterSetForwardIP() *nftables.Set
- func (nft *NFTables) FilterSetManagerIP() *nftables.Set
- func (nft *NFTables) FilterSetTrustIP() *nftables.Set
- func (nft *NFTables) FlushChain(c *nftables.Conn, chains ...*nftables.Chain)
- func (nft *NFTables) FlushSet(c *nftables.Conn, sets ...*nftables.Set)
- func (nft *NFTables) IfacesIPs() ([]net.IP, error)
- func (nft *NFTables) Init() error
- func (nft *NFTables) InitSet(c *nftables.Conn, flag int) error
- func (nft *NFTables) TableFilter() *nftables.Table
- func (nft *NFTables) TableNAT() *nftables.Table
- func (nft *NFTables) UpdateForwardWanIPs(del, add []net.IP) error
- func (nft *NFTables) UpdateManagerIPs(del, add []net.IP) error
- func (nft *NFTables) UpdateTrustIPs(del, add []net.IP) error
- func (nft *NFTables) WanIP() net.IP
Constants ¶
// Table names used by this package.
const (
	TableFilter = "filter"
	TableNAT    = "nat"
	TableMangle = "mangle"
	TableRaw    = "raw"
)
// Chain names used by this package.
const (
	ChainInput       = "INPUT"
	ChainOutput      = "OUTPUT"
	ChainForward     = "FORWARD"
	ChainPreRouting  = "PREROUTING"
	ChainPostRouting = "POSTROUTING"
)
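// Apply types name the service rule groups this package knows about.
// NOTE(review): presumably these are the values accepted in Config.Applies;
// confirm against the code that reads that field.
const (
	ApplyTypeHTTP = `http`
	ApplyTypeSMTP = `smtp`
	// ApplyTypeDNS must differ from ApplyTypeSMTP. It was declared as `smtp`,
	// which made the two types indistinguishable by value and left ApplyAll
	// holding `smtp` twice with no separate DNS entry.
	ApplyTypeDNS = `dns`
)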
// Bit flags selecting which IP sets to add; combine them with |, for
// example SET_TRUST|SET_MANAGER.
//
// SET_ALL is a separate bit (512), not the OR of the four flags above it.
// NOTE(review): code testing these flags presumably checks SET_ALL
// explicitly; confirm in InitSet.
const (
	SET_TRUST     = 1 << 0 // add filterSetTrustIP
	SET_MANAGER   = 1 << 1 // add filterSetManagerIP
	SET_FORWARD   = 1 << 2 // add filterSetForwardIP
	SET_BLACKLIST = 1 << 3 // add filterSetBlacklistIP
	SET_ALL       = 1 << 9 // add filterSetTrustIP filterSetManagerIP filterSetForwardIP filterSetBlacklistIP
)
// Bit flags naming rule groups.
// NOTE(review): presumably passed as the flag argument of ApplyFilterRule
// and ApplyDefault; confirm against those methods.
//
// RULE_ALL is a separate bit (512), not the OR of the flags above it, and
// bit 8 (256) is unassigned.
const (
	RULE_LOCAL_IFACE        = 1 << 0
	RULE_WAN_IFACE          = 1 << 1
	RULE_SDN                = 1 << 2
	RULE_SDN_FORWARD        = 1 << 3
	RULE_NAT                = 1 << 4
	RULE_BLACKLIST          = 1 << 5
	RULE_INPUT_LOCAL_IFACE  = 1 << 6
	RULE_OUTPUT_LOCAL_IFACE = 1 << 7
	RULE_ALL                = 1 << 9
)
Variables ¶
// ApplyAll lists the ApplyTypeHTTP, ApplyTypeSMTP and ApplyTypeDNS values.
// NOTE(review): if ApplyTypeDNS and ApplyTypeSMTP share a value, this slice
// holds a duplicate and no distinct DNS entry; verify against the constants.
var ApplyAll = []string{ApplyTypeHTTP, ApplyTypeSMTP, ApplyTypeDNS}
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds the settings for this package's nftables handling.
// The field notes below are inferred from names and types only; the code
// that reads them is not shown on this page.
type Config struct {
	// NOTE(review): presumably switches the firewall handling on or off; confirm.
	Enabled bool
	// NOTE(review): presumably the network namespace to operate in; confirm
	// what an empty value selects.
	NetworkNamespace string
	// NOTE(review): how an empty or unrecognized value is treated is not
	// visible here; confirm it cannot silently fall back to accept.
	DefaultPolicy string // accept / drop
	TablePrefix   string
	TableSuffix   string
	// NOTE(review): presumably a list of ApplyType* values (see ApplyAll); confirm.
	Applies []string
	MyIface string
	MyPort  uint16
	// NOTE(review): presumably clears existing rules before applying; verify
	// whether that covers the whole ruleset or only this package's tables
	// before enabling it on a host that carries other firewall rules.
	ClearRuleset bool
	// NOTE(review): presumably skips InitSet; confirm which rules still
	// reference the sets in that case.
	DisableInitSet bool
	// NOTE(review): presumably the additional interfaces reported by IfacesIPs; confirm.
	Ifaces []string
	// NOTE(review): presumably ports given trusted treatment; confirm which
	// sources may reach them.
	TrustPorts []uint16
}
Config for nftables.
type INFTables ¶
// INFTables is the interface to the tables, chains and IP sets handled by
// this package.
type INFTables interface {
	// UpdateTrustIPs updates filterSetTrustIP.
	UpdateTrustIPs(del, add []net.IP) error
	// UpdateManagerIPs updates filterSetManagerIP.
	UpdateManagerIPs(del, add []net.IP) error
	// UpdateForwardWanIPs updates filterSetForwardIP.
	UpdateForwardWanIPs(del, add []net.IP) error
	// Ban adds the given IP addresses to the blacklist.
	// NOTE(review): timeout presumably bounds how long an entry stays
	// banned, and how unparsable address strings are handled is not
	// visible here; confirm both in the implementation.
	Ban(ipAddresses []string, timeout time.Duration) error
	// Cleanup rules to default policy filtering.
	Cleanup() error
	// WanIP returns the IP address of the WAN interface.
	WanIP() net.IP
	// IfacesIPs returns the IP address list of the additional interfaces.
	IfacesIPs() ([]net.IP, error)

	// Accessors returning the *nftables.Table, *nftables.Chain and
	// *nftables.Set values named by each method.
	TableFilter() *nftables.Table
	ChainInput() *nftables.Chain
	ChainForward() *nftables.Chain
	ChainOutput() *nftables.Chain
	TableNAT() *nftables.Table
	ChainPrerouting() *nftables.Chain
	ChainPostrouting() *nftables.Chain
	FilterSetTrustIP() *nftables.Set
	FilterSetManagerIP() *nftables.Set
	FilterSetForwardIP() *nftables.Set
	FilterSetBlacklistIP() *nftables.Set

	// Do takes a callback that receives an *nftables.Conn.
	// NOTE(review): presumably Do supplies the connection and commits the
	// queued changes once f returns nil; confirm in the implementation.
	Do(f func(conn *nftables.Conn) error) error
}
type NFTables ¶
// NFTables is the package's concrete firewall type; all of its fields are
// unexported. The *NFTables methods listed in this package's index cover
// every method of INFTables.
type NFTables struct {
	// contains filtered or unexported fields
}
NFTables struct.
func (*NFTables) ApplyDefault ¶
func (*NFTables) ApplyFilterRule ¶ added in v0.2.2
func (*NFTables) ChainForward ¶
func (*NFTables) ChainInput ¶
func (*NFTables) ChainOutput ¶
func (*NFTables) ChainPostrouting ¶
func (*NFTables) ChainPrerouting ¶
func (*NFTables) DeleteChain ¶ added in v0.3.0
func (*NFTables) FilterSetBlacklistIP ¶ added in v0.2.2
func (*NFTables) FilterSetForwardIP ¶ added in v0.2.2
func (*NFTables) FilterSetManagerIP ¶ added in v0.2.2
func (*NFTables) FilterSetTrustIP ¶
func (*NFTables) FlushChain ¶ added in v0.3.0
func (*NFTables) InitSet ¶ added in v0.1.3
InitSet initializes the sets selected by flag. Example: InitSet(c, SET_TRUST|SET_MANAGER)
func (*NFTables) TableFilter ¶
func (*NFTables) UpdateForwardWanIPs ¶ added in v0.2.2
UpdateForwardWanIPs updates filterSetForwardIP.
func (*NFTables) UpdateManagerIPs ¶ added in v0.2.2
UpdateManagerIPs updates filterSetManagerIP.
func (*NFTables) UpdateTrustIPs ¶
UpdateTrustIPs updates filterSetTrustIP.
Source Files ¶
- config.go
- consts.go
- interface.go
- nftables.go
- nftables_blacklist.go
- nftables_dns.go
- nftables_http_server.go
- nftables_interface_common.go
- nftables_interface_common_host_base.go
- nftables_interface_common_local.go
- nftables_interface_common_public.go
- nftables_interface_common_trust_ip.go
- nftables_interface_forward.go
- nftables_interface_nat.go
- nftables_smtp.go