Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AccessChain
type AccessChain struct {
	// Name is the chain name; it must be unique across the system
	Name string `json:"name"`
	// ContainerID is the id of the container
	ContainerID string `json:"containerID"`
	// Address is the ip of the container
	Address net.IPNet `json:"address"`
	// Gateway is the ip of the bridge
	Gateway net.IP `json:"gateway"`
	// GatewayPrefixLen is the gateway prefix length
	GatewayPrefixLen string `json:"gatewayPrefixLen"`
	// PublicInterface is the network interface used for internet access
	PublicInterface string `json:"publicInterface"`
	// OutRules are user specified parameters to configure
	// outgoing connections
	OutRules []AccessRule `json:"outRules"`
	// InputPortsUDP is passed to iptables --destination-ports
	// for the udp protocol; up to 15 ports can be specified
	InputPortsUDP []string `json:"inputPortsUDP"`
	// InputPortsTCP is passed to iptables --destination-ports
	// for the tcp protocol; up to 15 ports can be specified
	InputPortsTCP []string `json:"inputPortsTCP"`
	// HasInternetConnection specifies whether the container has outgoing access to the network
	HasInternetConnection bool `json:"hasInternetConnection"`
}
AccessChain contains the parameters used to configure iptables.
func NewAccessChain
func NewAccessChain( name string, containerID string, address net.IPNet, gateway net.IP, hasInternetConnection bool, ) (chain *AccessChain)
NewAccessChain returns *AccessChain and accepts the minimal parameters needed to configure an AccessChain:
name: unique chain name for the container
containerID: unique identifier of the container
address: ip address allocated to the container
gateway: ip of the bridge through which the container can be reached
hasInternetConnection: specifies whether the container has access to the network
func (*AccessChain) AddInRule
func (c *AccessChain) AddInRule(ports, protocol string) (err error)
AddInRule adds configuration to the chain for incoming connections. ports can be a single port (ports=5000), a comma-separated list of ports (ports=5000,5005) or a range (ports=5000:5005). protocol is tcp or udp; the default is tcp.
type AccessRule
type AccessRule struct {
	// DstIP is the ip of the destination
	DstIP string `json:"dstIp"`
	// DstPort is the port of the destination
	DstPort string `json:"dstPort"`
	// Proto is the protocol of the destination
	Proto string `json:"proto"`
	// SrcIP is the ip of the source
	SrcIP string `json:"srcIp"`
}
AccessRule contains the parameters to configure one rule for a single container.
type Firewall
type Firewall struct {
// contains filtered or unexported fields
}
Firewall handles user defined chains
func New
New returns a Firewall instance.
configPath: the path where the runtime state of the plugin is stored
func (*Firewall) Add
func (f *Firewall) Add(c *AccessChain) (err error)
Add adds user defined chain to the firewall
func (*Firewall) Check
func (f *Firewall) Check(c *AccessChain) (err error)
Check verifies that user defined chain is applied