Documentation ¶
Index ¶
- type IPTablesAdapter
- type IPTablesLocker
- type IPTablesRule
- func AppendComment(rule IPTablesRule, comment string) IPTablesRule
- func NewAcceptExistingLocalRule() IPTablesRule
- func NewAcceptExistingRemoteRule(vni int) IPTablesRule
- func NewAcceptRule() IPTablesRule
- func NewDefaultDenyLocalRule(localSubnet string) IPTablesRule
- func NewDefaultDenyRemoteRule(vni int) IPTablesRule
- func NewDefaultEgressRule(localSubnet, deviceName string) IPTablesRule
- func NewIngressMarkRule(hostInterface string, hostPort int, hostIP, tag string) IPTablesRule
- func NewInputAllowRule(containerIP, protocol, destination string, destPort int) IPTablesRule
- func NewInputDefaultRejectRule(subnet string) IPTablesRule
- func NewInputRelatedEstablishedRule(subnet string) IPTablesRule
- func NewLogLocalRejectRule(localSubnet string) IPTablesRule
- func NewLogRemoteRejectRule(vni int) IPTablesRule
- func NewLogRule(rule IPTablesRule, name string) IPTablesRule
- func NewMarkAllowRule(destinationIP, protocol string, port int, tag string, ...) IPTablesRule
- func NewMarkLogRule(destinationIP, protocol string, port int, tag string, ...) IPTablesRule
- func NewMarkSetRule(sourceIP, tag, appGUID string) IPTablesRule
- func NewNetOutDefaultLogRule(prefix string) IPTablesRule
- func NewNetOutDefaultRejectLogRule(containerHandle, subnet, deviceName string) IPTablesRule
- func NewNetOutDefaultRejectRule(subnet, deviceName string) IPTablesRule
- func NewNetOutICMPLogRule(containerIP, startIP, endIP string, icmpType, icmpCode int, chain string) IPTablesRule
- func NewNetOutICMPRule(containerIP, startIP, endIP string, icmpType, icmpCode int) IPTablesRule
- func NewNetOutLogRule(containerIP, startIP, endIP, chain string) IPTablesRule
- func NewNetOutRelatedEstablishedRule(subnet string) IPTablesRule
- func NewNetOutRule(containerIP, startIP, endIP string) IPTablesRule
- func NewNetOutWithPortsLogRule(containerIP, startIP, endIP string, startPort, endPort int, ...) IPTablesRule
- func NewNetOutWithPortsRule(containerIP, startIP, endIP string, startPort, endPort int, protocol string) IPTablesRule
- func NewOverlayAllowEgress(deviceName, containerIP string) IPTablesRule
- func NewOverlayDefaultRejectLogRule(containerHandle, containerIP string) IPTablesRule
- func NewOverlayDefaultRejectRule(containerIP string) IPTablesRule
- func NewOverlayRelatedEstablishedRule(containerIP string) IPTablesRule
- func NewOverlayTagAcceptRule(containerIP, tag string) IPTablesRule
- func NewPortForwardingRule(hostPort, containerPort int, hostIP, containerIP string) IPTablesRule
- type LockedIPTables
- func (l *LockedIPTables) BulkAppend(table, chain string, rulespec ...IPTablesRule) error
- func (l *LockedIPTables) BulkInsert(table, chain string, pos int, rulespec ...IPTablesRule) error
- func (l *LockedIPTables) ClearChain(table, chain string) error
- func (l *LockedIPTables) Delete(table, chain string, rulespec IPTablesRule) error
- func (l *LockedIPTables) DeleteChain(table, chain string) error
- func (l *LockedIPTables) Exists(table, chain string, rulespec IPTablesRule) (bool, error)
- func (l *LockedIPTables) List(table, chain string) ([]string, error)
- func (l *LockedIPTables) NewChain(table, chain string) error
- type Restorer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IPTablesAdapter ¶
// IPTablesAdapter is the set of iptables operations this package works
// against. Every method addresses its target by table and chain name, rules
// are passed as IPTablesRule values, and every method reports failure through
// an error result.
//
// For code that enforces network policy, a non-nil error means the rule state
// on the host is unknown; callers should not treat the operation as applied.
type IPTablesAdapter interface {
	// Methods that return data alongside the error.
	List(table, chain string) ([]string, error)
	Exists(table, chain string, rulespec IPTablesRule) (bool, error)

	// Methods that take only a table and chain.
	NewChain(table, chain string) error
	ClearChain(table, chain string) error
	DeleteChain(table, chain string) error

	// Methods that take one or more rules. BulkInsert additionally takes
	// the position pos; BulkInsert and BulkAppend are variadic.
	Delete(table, chain string, rulespec IPTablesRule) error
	BulkInsert(table, chain string, pos int, rulespec ...IPTablesRule) error
	BulkAppend(table, chain string, rulespec ...IPTablesRule) error
}
type IPTablesLocker ¶
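// IPTablesLocker combines a filelock.FileLocker with an in-process mutex.
// Its Lock and Unlock methods both return an error, so a caller that ignores
// a failed Lock would go on to change iptables without holding the lock.
//
// The declaration is laid out one field per line: on a single line the
// trailing "//" comment also comments out the closing brace.
type IPTablesLocker struct {
	// FileLocker is the file-based half of the lock.
	// NOTE(review): presumably this serialises access with other processes
	// that modify iptables; the filelock package is not shown here. Confirm,
	// and check who may write to the lock file's path.
	FileLocker filelock.FileLocker

	// Mutex is a pointer, so copies of an IPTablesLocker share one mutex.
	Mutex *sync.Mutex

	// contains filtered or unexported fields
}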
func (*IPTablesLocker) Lock ¶
func (l *IPTablesLocker) Lock() error
TODO: improve test coverage, and add a close function to filelocker.
func (*IPTablesLocker) Unlock ¶
func (l *IPTablesLocker) Unlock() error
type IPTablesRule ¶
// IPTablesRule is a single rule held as a slice of strings. It is the value
// returned by every New*Rule constructor and by AppendComment in this package,
// and the rulespec type accepted by IPTablesAdapter.
//
// NOTE(review): presumably each element is one iptables argument, passed on
// without shell interpretation; confirm against the code that executes rules.
// NOTE(review): the constructors accept caller-supplied strings (IP addresses,
// subnets, device names, tags, comments, log prefixes). Their bodies are not
// shown here, so confirm these values are validated before they become rule
// elements.
type IPTablesRule []string
func AppendComment ¶
func AppendComment(rule IPTablesRule, comment string) IPTablesRule
func NewAcceptExistingLocalRule ¶
func NewAcceptExistingLocalRule() IPTablesRule
func NewAcceptExistingRemoteRule ¶
func NewAcceptExistingRemoteRule(vni int) IPTablesRule
func NewAcceptRule ¶
func NewAcceptRule() IPTablesRule
func NewDefaultDenyLocalRule ¶
func NewDefaultDenyLocalRule(localSubnet string) IPTablesRule
func NewDefaultDenyRemoteRule ¶
func NewDefaultDenyRemoteRule(vni int) IPTablesRule
func NewDefaultEgressRule ¶
func NewDefaultEgressRule(localSubnet, deviceName string) IPTablesRule
func NewIngressMarkRule ¶
func NewIngressMarkRule(hostInterface string, hostPort int, hostIP, tag string) IPTablesRule
func NewInputAllowRule ¶
func NewInputAllowRule(containerIP, protocol, destination string, destPort int) IPTablesRule
func NewInputDefaultRejectRule ¶
func NewInputDefaultRejectRule(subnet string) IPTablesRule
func NewInputRelatedEstablishedRule ¶
func NewInputRelatedEstablishedRule(subnet string) IPTablesRule
func NewLogLocalRejectRule ¶
func NewLogLocalRejectRule(localSubnet string) IPTablesRule
func NewLogRemoteRejectRule ¶
func NewLogRemoteRejectRule(vni int) IPTablesRule
func NewLogRule ¶
func NewLogRule(rule IPTablesRule, name string) IPTablesRule
func NewMarkAllowRule ¶
func NewMarkAllowRule(destinationIP, protocol string, port int, tag string, sourceAppGUID, destinationAppGUID string) IPTablesRule
func NewMarkLogRule ¶
func NewMarkLogRule(destinationIP, protocol string, port int, tag string, destinationAppGUID string) IPTablesRule
func NewMarkSetRule ¶
func NewMarkSetRule(sourceIP, tag, appGUID string) IPTablesRule
func NewNetOutDefaultLogRule ¶
func NewNetOutDefaultLogRule(prefix string) IPTablesRule
func NewNetOutDefaultRejectLogRule ¶
func NewNetOutDefaultRejectLogRule(containerHandle, subnet, deviceName string) IPTablesRule
func NewNetOutDefaultRejectRule ¶
func NewNetOutDefaultRejectRule(subnet, deviceName string) IPTablesRule
func NewNetOutICMPLogRule ¶
func NewNetOutICMPLogRule(containerIP, startIP, endIP string, icmpType, icmpCode int, chain string) IPTablesRule
func NewNetOutICMPRule ¶
func NewNetOutICMPRule(containerIP, startIP, endIP string, icmpType, icmpCode int) IPTablesRule
func NewNetOutLogRule ¶
func NewNetOutLogRule(containerIP, startIP, endIP, chain string) IPTablesRule
func NewNetOutRelatedEstablishedRule ¶
func NewNetOutRelatedEstablishedRule(subnet string) IPTablesRule
func NewNetOutRule ¶
func NewNetOutRule(containerIP, startIP, endIP string) IPTablesRule
func NewNetOutWithPortsLogRule ¶
func NewNetOutWithPortsLogRule(containerIP, startIP, endIP string, startPort, endPort int, protocol, chain string) IPTablesRule
func NewNetOutWithPortsRule ¶
func NewNetOutWithPortsRule(containerIP, startIP, endIP string, startPort, endPort int, protocol string) IPTablesRule
func NewOverlayAllowEgress ¶
func NewOverlayAllowEgress(deviceName, containerIP string) IPTablesRule
func NewOverlayDefaultRejectLogRule ¶
func NewOverlayDefaultRejectLogRule(containerHandle, containerIP string) IPTablesRule
func NewOverlayDefaultRejectRule ¶
func NewOverlayDefaultRejectRule(containerIP string) IPTablesRule
func NewOverlayRelatedEstablishedRule ¶
func NewOverlayRelatedEstablishedRule(containerIP string) IPTablesRule
func NewOverlayTagAcceptRule ¶
func NewOverlayTagAcceptRule(containerIP, tag string) IPTablesRule
func NewPortForwardingRule ¶
func NewPortForwardingRule(hostPort, containerPort int, hostIP, containerIP string) IPTablesRule
type LockedIPTables ¶
// LockedIPTables groups an iptables handle, a locker and a restorer. The
// package index lists the same eight methods on *LockedIPTables that the
// IPTablesAdapter interface declares.
//
// NOTE(review): the name suggests every operation runs while Locker is held;
// the method bodies are not shown here, so confirm that each one acquires the
// lock, checks the Lock error, and releases the lock on every return path.
type LockedIPTables struct {
	// IPTables is of the unexported type iptables, which is not shown here.
	IPTables iptables

	// Locker is of the unexported type locker, which is not shown here.
	// NOTE(review): presumably satisfied by *IPTablesLocker (Lock/Unlock);
	// confirm.
	Locker locker

	// Restorer is of the unexported type restorer, which is not shown here.
	Restorer restorer
}
func (*LockedIPTables) BulkAppend ¶
func (l *LockedIPTables) BulkAppend(table, chain string, rulespec ...IPTablesRule) error
func (*LockedIPTables) BulkInsert ¶
func (l *LockedIPTables) BulkInsert(table, chain string, pos int, rulespec ...IPTablesRule) error
func (*LockedIPTables) ClearChain ¶
func (l *LockedIPTables) ClearChain(table, chain string) error
func (*LockedIPTables) Delete ¶
func (l *LockedIPTables) Delete(table, chain string, rulespec IPTablesRule) error
func (*LockedIPTables) DeleteChain ¶
func (l *LockedIPTables) DeleteChain(table, chain string) error
func (*LockedIPTables) Exists ¶
func (l *LockedIPTables) Exists(table, chain string, rulespec IPTablesRule) (bool, error)
func (*LockedIPTables) NewChain ¶
func (l *LockedIPTables) NewChain(table, chain string) error