Documentation ¶
Index ¶
- type Chain
- type Enforcer
- type GenericRule
- func NewAcceptExistingLocalRule() GenericRule
- func NewAcceptExistingRemoteRule(vni int) GenericRule
- func NewDefaultDenyLocalRule(localSubnet string) GenericRule
- func NewDefaultDenyRemoteRule(vni int) GenericRule
- func NewDefaultEgressRule(localSubnet, overlayNetwork string) GenericRule
- func NewLogRule(guardConditions []string, name string) GenericRule
- func NewMarkAllowRule(destinationIP, protocol string, port int, tag string, ...) GenericRule
- func NewMarkSetRule(sourceIP, tag, appGUID string) GenericRule
- func NewNetOutDefaultRejectRule(subnet, overlayNetwork string) GenericRule
- func NewNetOutRelatedEstablishedRule(subnet, overlayNetwork string) GenericRule
- func NewNetOutRule(containerIP string, startIP string, endIP string) GenericRule
- func NewNetOutWithPortsRule(containerIP string, startIP string, endIP string, startPort int, endPort int, ...) GenericRule
- type IPTables
- type Rule
- type RuleEnforcer
- type RulesWithChain
- type TimeStamper
- type Timestamper
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Enforcer ¶
func NewEnforcer ¶
func NewEnforcer(logger lager.Logger, timestamper TimeStamper, ipt IPTables) *Enforcer
func (*Enforcer) EnforceRulesAndChain ¶
func (e *Enforcer) EnforceRulesAndChain(rulesAndChain RulesWithChain) error
type GenericRule ¶
// GenericRule is a single rule expressed as an ordered list of strings.
// Every New*Rule constructor listed for this package returns a GenericRule.
type GenericRule struct {
	// Properties holds the rule's string elements.
	// NOTE(review): presumably these are the iptables rule-spec arguments
	// passed to the IPTables methods as rulespec — confirm against Enforcer.
	// The constructors accept free-form strings (IPs, subnets, protocol,
	// app GUIDs) and no validation is visible on this page, so callers
	// should validate such values before building a rule — TODO confirm.
	Properties []string
}
func NewAcceptExistingLocalRule ¶
func NewAcceptExistingLocalRule() GenericRule
func NewAcceptExistingRemoteRule ¶
func NewAcceptExistingRemoteRule(vni int) GenericRule
func NewDefaultDenyLocalRule ¶
func NewDefaultDenyLocalRule(localSubnet string) GenericRule
func NewDefaultDenyRemoteRule ¶
func NewDefaultDenyRemoteRule(vni int) GenericRule
func NewDefaultEgressRule ¶
func NewDefaultEgressRule(localSubnet, overlayNetwork string) GenericRule
func NewLogRule ¶
func NewLogRule(guardConditions []string, name string) GenericRule
func NewMarkAllowRule ¶
func NewMarkAllowRule(destinationIP, protocol string, port int, tag string, sourceAppGUID, destinationAppGUID string) GenericRule
func NewMarkSetRule ¶
func NewMarkSetRule(sourceIP, tag, appGUID string) GenericRule
func NewNetOutDefaultRejectRule ¶
func NewNetOutDefaultRejectRule(subnet, overlayNetwork string) GenericRule
func NewNetOutRelatedEstablishedRule ¶
func NewNetOutRelatedEstablishedRule(subnet, overlayNetwork string) GenericRule
func NewNetOutRule ¶
func NewNetOutRule(containerIP string, startIP string, endIP string) GenericRule
func NewNetOutWithPortsRule ¶
type IPTables ¶
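// IPTables is the set of table/chain operations this package depends on.
// NewEnforcer accepts a value of this type, so tests can substitute a fake.
//
// NOTE(review): presumably backed by a real iptables client in production;
// if so, table, chain and every rulespec element end up as iptables
// arguments and decide which traffic is accepted or dropped. Treat values
// that originate outside the process as security-sensitive and validate
// them before they reach these methods — confirm against callers.
type IPTables interface {
	// Exists takes a table, a chain and a rule spec and returns a bool and an error.
	// NOTE(review): presumably reports whether the rule is present — confirm.
	Exists(table, chain string, rulespec ...string) (bool, error)

	// Insert takes a table, a chain, an integer pos and a rule spec.
	// NOTE(review): pos is presumably the position within the chain; rule
	// order changes which rule matches first — confirm indexing base.
	Insert(table, chain string, pos int, rulespec ...string) error

	// AppendUnique takes a table, a chain and a rule spec.
	// NOTE(review): presumably appends only when the rule is absent — confirm.
	AppendUnique(table, chain string, rulespec ...string) error

	// Delete takes a table, a chain and a rule spec.
	Delete(table, chain string, rulespec ...string) error

	// List takes a table and a chain and returns a slice of strings.
	List(table, chain string) ([]string, error)

	// NewChain takes a table and a chain name.
	NewChain(table, chain string) error

	// ClearChain takes a table and a chain name.
	ClearChain(table, chain string) error

	// DeleteChain takes a table and a chain name.
	DeleteChain(table, chain string) error
}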
type RuleEnforcer ¶
type RulesWithChain ¶
type TimeStamper ¶
// TimeStamper is the clock dependency that NewEnforcer accepts.
// It is distinct from the concrete Timestamper type, whose name differs
// only in the case of the letter "s".
// NOTE(review): the unit and epoch of the returned int are not shown on
// this page — confirm before comparing or persisting the value.
type TimeStamper interface {
	// CurrentTime returns a time value as an int.
	CurrentTime() int
}
type Timestamper ¶
// Timestamper is a field-less struct with a value-receiver CurrentTime() int
// method, so its method set matches the TimeStamper interface.
// NOTE(review): presumably the real-clock implementation used outside
// tests — confirm.
type Timestamper struct{}
func (Timestamper) CurrentTime ¶
func (_ Timestamper) CurrentTime() int