nat

package
v0.11.2

This package is not in the latest version of its module.
Published: May 29, 2024 License: ISC Imports: 7 Imported by: 0

Documentation

Overview

Package nat is the client.Policies.Nat namespace.

Normalized object: Entry

Constants

const (
	DynamicIpAndPort = "dynamic-ip-and-port"
	DynamicIp        = "dynamic-ip"
	StaticIp         = "static-ip"
)

Values for Entry.SatType.

const (
	InterfaceAddress  = "interface-address"
	TranslatedAddress = "translated-address"
)

Values for Entry.SatAddressType.

const (
	Ip         = "ip"
	FloatingIp = "floating"
)

These are the valid settings for Entry.SatFallbackIpType.

const (
	DatTypeStatic  = "destination-translation"
	DatTypeDynamic = "dynamic-destination-translation"
)

These are valid settings for DatType.

const (
	TypeIpv4  = "ipv4"
	TypeNat64 = "nat64"
	TypeNptv6 = "nptv6"
)

Valid values for the Type value.

const None = "none"

None is a valid value for both Entry.SatType and Entry.SatAddressType.

Functions

func RulesMatch

func RulesMatch(a, b Entry) bool

Types

type Entry

type Entry struct {
	Name                           string
	Description                    string
	Type                           string
	SourceZones                    []string // unordered
	DestinationZone                string
	ToInterface                    string
	Service                        string
	SourceAddresses                []string // unordered
	DestinationAddresses           []string // unordered
	SatType                        string
	SatAddressType                 string
	SatTranslatedAddresses         []string // unordered
	SatInterface                   string
	SatIpAddress                   string
	SatFallbackType                string
	SatFallbackTranslatedAddresses []string // unordered
	SatFallbackInterface           string
	SatFallbackIpType              string
	SatFallbackIpAddress           string
	SatStaticTranslatedAddress     string
	SatStaticBiDirectional         bool
	DatType                        string
	DatAddress                     string
	DatPort                        int
	DatDynamicDistribution         string // 8.1+
	Disabled                       bool
	Targets                        map[string][]string
	NegateTarget                   bool
	Tags                           []string // ordered
	Uuid                           string   // 9.0+
	GroupTag                       string   // 9.0+
}

Entry is a normalized, version independent representation of a NAT policy. The prefix "Sat" stands for "Source Address Translation" while the prefix "Dat" stands for "Destination Address Translation".

Targets is a map where the key is the serial number of the target device and the value is a list of specific vsys on that device. The list of vsys is nil if all vsys on that device should be included or if the device is a virtual firewall (and thus only has vsys1).

The following Sat params are linked:

SatType = nat.DynamicIpAndPort && SatAddressType = nat.TranslatedAddress:

  • SatTranslatedAddresses

SatType = nat.DynamicIpAndPort && SatAddressType = nat.InterfaceAddress:

  • SatInterface
  • SatIpAddress

For ALL SatType = nat.DynamicIp:

  • SatTranslatedAddresses

For ALL SatType = nat.DynamicIp and SatFallbackType = nat.InterfaceAddress:

  • SatFallbackInterface

SatType = nat.DynamicIp && SatFallbackType = nat.InterfaceAddress && SatFallbackIpType = nat.Ip:

  • SatFallbackIpAddress

SatType = nat.DynamicIp && SatFallbackType = nat.InterfaceAddress && SatFallbackIpType = nat.FloatingIp:

  • SatFallbackIpAddress

SatType = nat.DynamicIp and SatFallbackType = nat.TranslatedAddress:

  • SatFallbackTranslatedAddresses

SatType = nat.StaticIp:

  • SatStaticTranslatedAddress
  • SatStaticBiDirectional

If both DatAddress and DatPort are uninitialized, then no destination address translation will be enabled; setting DatType by itself is not good enough.
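
The linkage rules above can be checked before a rule is pushed, so that a leftover translation pool or a DatType with no address is caught in review rather than on the device. The following is an added example, not code from the pango project: Rule is a hypothetical, trimmed stand-in for Entry (so the example runs without importing pango), Lint is a hypothetical helper, and the sample addresses are constructed.

```go
package main

// String values copied from this page; Rule is a hypothetical, trimmed stand-in for nat.Entry.
const (
	DynamicIpAndPort, DynamicIp, StaticIp = "dynamic-ip-and-port", "dynamic-ip", "static-ip"
	InterfaceAddress, TranslatedAddress   = "interface-address", "translated-address"
)
type Rule struct {
	SatType, SatAddressType, SatFallbackType, DatType, DatAddress  string
	SatInterface, SatFallbackInterface, SatStaticTranslatedAddress string
	SatTranslatedAddresses, SatFallbackTranslatedAddresses         []string
	DatPort                                                        int
}

// Lint flags populated Sat fields that are not linked to the rule's mode, and DatType set alone.
func Lint(r Rule) []string {
	linked := map[string]bool{}
	switch r.SatType {
	case DynamicIpAndPort:
		linked["SatTranslatedAddresses"] = r.SatAddressType == TranslatedAddress
		linked["SatInterface"] = r.SatAddressType == InterfaceAddress
	case DynamicIp:
		linked["SatTranslatedAddresses"] = true
		linked["SatFallbackInterface"] = r.SatFallbackType == InterfaceAddress
		linked["SatFallbackTranslatedAddresses"] = r.SatFallbackType == TranslatedAddress
	case StaticIp:
		linked["SatStaticTranslatedAddress"] = true
	}
	var out []string
	check := func(name string, populated bool) {
		if populated && !linked[name] {
			out = append(out, name+" is set but not linked for SatType="+r.SatType)
		}
	}
	check("SatTranslatedAddresses", len(r.SatTranslatedAddresses) > 0)
	check("SatInterface", r.SatInterface != "")
	check("SatFallbackInterface", r.SatFallbackInterface != "")
	check("SatFallbackTranslatedAddresses", len(r.SatFallbackTranslatedAddresses) > 0)
	check("SatStaticTranslatedAddress", r.SatStaticTranslatedAddress != "")
	if r.DatType != "" && r.DatAddress == "" && r.DatPort == 0 {
		out = append(out, "DatType is set but DatAddress and DatPort are empty: no destination translation")
	}
	return out
}

func main() { // constructed sample: a static-ip rule that still carries a dynamic pool
	for _, f := range Lint(Rule{SatType: StaticIp, SatTranslatedAddresses: []string{"203.0.113.0/28"}}) {
		println(f)
	}
}
```

Because Defaults sets DatType to DatTypeStatic, run a check like this on the rule as authored, or expect the DatType finding on every rule that does no destination translation.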

func (*Entry) Copy

func (o *Entry) Copy(s Entry)

Copy copies the information from source Entry `s` to this object. As the Name and Uuid fields relate to the identity of this object, these fields are not copied.

func (*Entry) Defaults

func (o *Entry) Defaults()

Defaults sets params with uninitialized values to their GUI default setting.

The defaults are as follows:

  • Type: "ipv4"
  • ToInterface: "any"
  • Service: "any"
  • SourceAddresses: ["any"]
  • DestinationAddresses: ["any"]
  • SatType: None
  • DatType: DatTypeStatic

func (Entry) Specify

func (o Entry) Specify(v version.Number) (string, interface{})

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall is the client.Policies.Nat namespace.

func FirewallNamespace

func FirewallNamespace(client util.XapiClient) *Firewall

FirewallNamespace returns an initialized namespace.

func (*Firewall) AllFromPanosConfig

func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Firewall) AuditCommentHistory

func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Firewall) ConfigureRules

func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevNames but not in the rules param will be deleted.

func (*Firewall) CurrentAuditComment

func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Firewall) Delete

func (c *Firewall) Delete(vsys string, e ...interface{}) error

Delete performs DELETE to remove the specified objects.

Objects can be either a string or an Entry object.

func (*Firewall) Edit

func (c *Firewall) Edit(vsys string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Firewall) FromPanosConfig

func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Firewall) Get

func (c *Firewall) Get(vsys, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Firewall) GetAll

func (c *Firewall) GetAll(vsys string) ([]Entry, error)

GetAll performs GET to retrieve all objects configured.

func (*Firewall) GetList

func (c *Firewall) GetList(vsys string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Firewall) HitCount

func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error)

HitCount gets the rule hit count for the given rules.

If the rules param is nil, then the hit count for all rules is returned.

func (*Firewall) MoveGroup

func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of NAT rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Firewall) Set

func (c *Firewall) Set(vsys string, e ...Entry) error

Set performs SET to configure the specified objects.

func (*Firewall) SetAuditComment

func (c *Firewall) SetAuditComment(vsys, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Firewall) Show

func (c *Firewall) Show(vsys, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Firewall) ShowAll

func (c *Firewall) ShowAll(vsys string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Firewall) ShowList

func (c *Firewall) ShowList(vsys string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.

type Panorama

type Panorama struct {
	// contains filtered or unexported fields
}

Panorama is the client.Policies.Nat namespace.

The "dg" param in these functions is the device group.

The "base" param in these functions should be one of the rulebase constants in the "util" package.

func PanoramaNamespace

func PanoramaNamespace(client util.XapiClient) *Panorama

PanoramaNamespace returns an initialized namespace.

func (*Panorama) AllFromPanosConfig

func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Panorama) AuditCommentHistory

func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Panorama) ConfigureRules

func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevNames but not in the rules param will be deleted.
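
Both ConfigureRules methods (Firewall and Panorama) can delete NAT rules, so it is worth computing the deletion set before calling them. The following is an added example, not code from the pango project: PlanDeletes is a hypothetical pre-flight helper that models only the two deletion statements documented above, taking the names returned by GetList as `existing`; the rule names are constructed.

```go
package main

import "sort"

// PlanDeletes models the two deletion rules documented for ConfigureRules.
// existing is what GetList returned; desired holds the names in the rules param.
// Assumption: this mirrors the documentation, not pango's internal logic.
func PlanDeletes(existing, desired, prevNames []string, isPolicy bool) []string {
	keep := make(map[string]bool, len(desired))
	for _, n := range desired {
		keep[n] = true
	}
	doomed := map[string]bool{}
	if isPolicy { // every configured rule that is not in the rules param is removed
		for _, n := range existing {
			if !keep[n] {
				doomed[n] = true
			}
		}
	}
	for _, n := range prevNames { // previously managed names that were dropped
		if !keep[n] {
			doomed[n] = true
		}
	}
	out := make([]string, 0, len(doomed))
	for n := range doomed {
		out = append(out, n)
	}
	sort.Strings(out) // stable output for review and diffing
	return out
}

func main() {
	// Constructed rule names: two rules managed by this tool, one created by hand.
	existing := []string{"web-dnat", "guest-snat", "manual-vpn-nonat"}
	desired := []string{"web-dnat"}
	prev := []string{"web-dnat", "guest-snat"}
	println("isPolicy=false:", len(PlanDeletes(existing, desired, prev, false)), "delete(s)")
	println("isPolicy=true: ", len(PlanDeletes(existing, desired, prev, true)), "delete(s)")
}
```

With isPolicy set to true the hand-created rule is in the deletion set as well, which is the case to gate behind an explicit review or a maximum-deletes threshold.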

func (*Panorama) CurrentAuditComment

func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Panorama) Delete

func (c *Panorama) Delete(dg, base string, e ...interface{}) error

Delete removes the given objects.

Objects can be a string or an Entry object.

func (*Panorama) Edit

func (c *Panorama) Edit(dg, base string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Panorama) FromPanosConfig

func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Panorama) Get

func (c *Panorama) Get(dg, base, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Panorama) GetAll

func (c *Panorama) GetAll(dg, base string) ([]Entry, error)

GetAll performs GET to retrieve information for all objects.

func (*Panorama) GetList

func (c *Panorama) GetList(dg, base string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Panorama) MoveGroup

func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of NAT rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Panorama) Set

func (c *Panorama) Set(dg, base string, e ...Entry) error

Set performs SET to create / update one or more objects.

func (*Panorama) SetAuditComment

func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Panorama) Show

func (c *Panorama) Show(dg, base, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Panorama) ShowAll

func (c *Panorama) ShowAll(dg, base string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Panorama) ShowList

func (c *Panorama) ShowList(dg, base string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.
