Documentation ¶
Overview ¶
Package iptables provides an interface and implementations for running iptables commands.
Index ¶
Constants ¶
View Source
const MinCheckVersion = "1.4.11"
Versions of iptables less than this do not support the -C / --check flag (test whether a rule exists).
Variables ¶
This section is empty.
Functions ¶
func GetIptablesVersionString ¶
GetIptablesVersionString runs "iptables --version" to get the version string, then matches for vX.X.X e.g. if "iptables --version" outputs: "iptables v1.3.66" then it would would return "v1.3.66", nil
Types ¶
type Interface ¶
type Interface interface { // EnsureChain checks if the specified chain exists and, if not, creates it. If the chain existed, return true. EnsureChain(table Table, chain Chain) (bool, error) // FlushChain clears the specified chain. If the chain did not exist, return error. FlushChain(table Table, chain Chain) error // DeleteChain deletes the specified chain. If the chain did not exist, return error. DeleteChain(table Table, chain Chain) error // EnsureRule checks if the specified rule is present and, if not, creates it. If the rule existed, return true. EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error) // DeleteRule checks if the specified rule is present and, if so, deletes it. DeleteRule(table Table, chain Chain, args ...string) error // IsIpv6 returns true if this is managing ipv6 tables IsIpv6() bool // TODO: (BenTheElder) Unit-Test Save/SaveAll, Restore/RestoreAll // Save calls `iptables-save` for table. Save(table Table) ([]byte, error) // SaveAll calls `iptables-save`. SaveAll() ([]byte, error) // Restore runs `iptables-restore` passing data through a temporary file. // table is the Table to restore // data should be formatted like the output of Save() // flush sets the presence of the "--noflush" flag. see: FlushFlag // counters sets the "--counters" flag. see: RestoreCountersFlag Restore(table Table, data []byte, flush FlushFlag, counters RestoreCountersFlag) error // RestoreAll is the same as Restore except that no table is specified. RestoreAll(data []byte, flush FlushFlag, counters RestoreCountersFlag) error }
An injectable interface for running iptables commands. Implementations must be goroutine-safe.
type RestoreCountersFlag ¶
type RestoreCountersFlag bool
Option flag for Restore
const NoRestoreCounters RestoreCountersFlag = false
const RestoreCounters RestoreCountersFlag = true
type RulePosition ¶ added in v0.18.0
type RulePosition string
const ( Prepend RulePosition = "-I" Append RulePosition = "-A" )
Click to show internal directories.
Click to hide internal directories.