iptables

Documentation

Index

• func Bidirectional(partitions ...[]IP) map[IP][]IP
• func Rules(blacklist map[IP][]IP) map[IP]Cmds
• type Cmd
  • func (c Cmd) String() string
• type Cmds
  • func Reset() Cmds
  • func (c Cmds) String() string
• type IP

Functions

func Bidirectional

func Bidirectional(partitions ...[]IP) map[IP][]IP

Bidirectional takes groups of nodes and creates rules which isolate them from one another. For example, with arguments ([ip1], [ip2, ip3]), ip1 would not be able to talk to ip2 and ip3, and vice versa.

func Rules

func Rules(blacklist map[IP][]IP) map[IP]Cmds

Rules translates a blacklist into a map of invocations of `iptables`, keyed by the node on which they need to be run. A blacklist is keyed by origin, the values being the nodes which will be blocked from receiving inbound connections from the origin. For example, {ip1: [ip2, ip3]} means that rules will be created at ip2 and ip3 which drop incoming connections from ip1. In particular, asymmetry is supported: ip2 and ip3 would continue to be able to connect to ip1. The commands don't stack; before applying new rules, run Reset() to clear up a previous partition.

Types

type Cmd

type Cmd []string

Cmd is a naive command without proper support for whitespace.

func (Cmd) String

func (c Cmd) String() string

String formats the Cmd for shell copy&paste.

type Cmds

type Cmds []Cmd

Cmds is a slice of commands.

func Reset

func Reset() Cmds

Reset creates commands which, when executed, undo the effects of a previous execution of Rules().

func (Cmds) String

func (c Cmds) String() string

String formats the Cmds for shell copy&paste.

type IP

type IP string

An IP is an IP address.