iptables

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation


Constants

// Names of tables and built-in chains, for use as the table and chain
// string arguments of the IPTables methods.
const (
	// Table names.
	TableFilter      = "filter"
	TableMangle      = "mangle"
	TableNat         = "nat"
	// Chain names. Only these three chains have a constant on this page;
	// any other chain name is passed as a plain string.
	ChainInput       = "INPUT"
	ChainPREROUTING  = "PREROUTING"
	ChainPOSTROUTING = "POSTROUTING"
)

Variables

This section is empty.

Functions

func GetIPTablesRuleSpecification added in v0.6.0

func GetIPTablesRuleSpecification(rule, specification string) string

Types

type Error

// Error embeds exec.ExitError and adds the stderr output of the command
// that failed. Its methods Error, ExitStatus and IsNotExist expose the
// message, the exit status and a "chain or rule does not exist" check.
type Error struct {
	exec.ExitError
	// contains filtered or unexported fields
}

Adds the output of stderr to exec.ExitError

func (*Error) Error

func (e *Error) Error() string

func (*Error) ExitStatus

func (e *Error) ExitStatus() int

func (*Error) IsNotExist

func (e *Error) IsNotExist() bool

IsNotExist returns true if the error is due to the chain or rule not existing

type IPTables

// IPTables is the handle returned by New and NewWithProtocol. Its methods
// take table, chain and rulespec strings and act through the underlying
// "iptables" or "ip6tables" command.
// NOTE(review): how rulespec elements reach that command is not visible
// here; build them from trusted or validated values and confirm the
// argument handling in the implementation.
type IPTables struct {
	// contains filtered or unexported fields
}

func New

func New(opts ...Option) (*IPTables, error)

New creates a new IPTables configured with the options passed as parameters. For backwards compatibility, it uses IPv4 and a timeout of 0 by default. For example, you can create an IPv6 IPTables with a timeout of 5 seconds by passing the IPFamily and Timeout options as follows:

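// New returns (*IPTables, error): keep the error and check it before
// calling any method on ip6t.
ip6t, err := New(IPFamily(ProtocolIPv6), Timeout(5))
if err != nil {
	// Construction failed; do not use ip6t, report the failure instead.
	return err
}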

func NewWithProtocol

func NewWithProtocol(proto Protocol) (*IPTables, error)

NewWithProtocol creates a new IPTables for the given proto. The proto will determine which command is used, either "iptables" or "ip6tables".

func (*IPTables) Append

func (ipt *IPTables) Append(table, chain string, rulespec ...string) error

Append appends rulespec to specified table/chain

func (*IPTables) AppendUnique

func (ipt *IPTables) AppendUnique(table, chain string, rulespec ...string) error

AppendUnique acts like Append except that it won't add a duplicate

func (*IPTables) ChainExists

func (ipt *IPTables) ChainExists(table, chain string) (bool, error)

ChainExists checks whether the specified chain exists in the table. Implementation note: '-S' accepts a non-existent rule index as long as the chain exists, so index 1 is passed to reduce overhead for large chains.

func (*IPTables) ChangePolicy

func (ipt *IPTables) ChangePolicy(table, chain, target string) error

ChangePolicy changes policy on chain to target

func (*IPTables) ClearAll

func (ipt *IPTables) ClearAll() error

func (*IPTables) ClearAndDeleteChain

func (ipt *IPTables) ClearAndDeleteChain(table, chain string) error

func (*IPTables) ClearChain

func (ipt *IPTables) ClearChain(table, chain string) error

ClearChain flushes (deletes all rules in) the specified table/chain. If the chain does not exist, a new one will be created.

func (*IPTables) Delete

func (ipt *IPTables) Delete(table, chain string, rulespec ...string) error

Delete removes rulespec in specified table/chain

func (*IPTables) DeleteAll

func (ipt *IPTables) DeleteAll() error

func (*IPTables) DeleteChain

func (ipt *IPTables) DeleteChain(table, chain string) error

DeleteChain deletes the chain in the specified table. The chain must be empty

func (*IPTables) DeleteIfExists

func (ipt *IPTables) DeleteIfExists(table, chain string, rulespec ...string) error

func (*IPTables) Exists

func (ipt *IPTables) Exists(table, chain string, rulespec ...string) (bool, error)

Exists checks if given rulespec in specified table/chain exists

func (*IPTables) GetIptablesVersion

func (ipt *IPTables) GetIptablesVersion() (int, int, int)

Return version components of the underlying iptables command

func (*IPTables) HasRandomFully

func (ipt *IPTables) HasRandomFully() bool

Check if the underlying iptables command supports the --random-fully flag

func (*IPTables) Insert

func (ipt *IPTables) Insert(table, chain string, pos int, rulespec ...string) error

Insert inserts rulespec to specified table/chain (in specified pos)

func (*IPTables) InsertUnique

func (ipt *IPTables) InsertUnique(table, chain string, pos int, rulespec ...string) error

InsertUnique acts like Insert except that it won't insert a duplicate (no matter the position in the chain)

func (*IPTables) List

func (ipt *IPTables) List(table, chain string) ([]string, error)

List rules in specified table/chain

func (*IPTables) ListByID

func (ipt *IPTables) ListByID(table, chain string, id int) (string, error)

List rules in specified table/chain

func (*IPTables) ListChains

func (ipt *IPTables) ListChains(table string) ([]string, error)

ListChains returns a slice containing the name of each chain in the specified table.

func (*IPTables) ListWithCounters

func (ipt *IPTables) ListWithCounters(table, chain string) ([]string, error)

List rules (with counters) in specified table/chain

func (*IPTables) NewChain

func (ipt *IPTables) NewChain(table, chain string) error

NewChain creates a new chain in the specified table. If the chain already exists, it will result in an error.

func (*IPTables) ParseStat

func (ipt *IPTables) ParseStat(stat []string) (parsed Stat, err error)

ParseStat parses a single statistic row into a Stat struct. The input should be one row (a string slice) of the result returned by the Stats method.

func (*IPTables) Proto

func (ipt *IPTables) Proto() Protocol

Proto returns the protocol used by this IPTables.

func (*IPTables) RenameChain

func (ipt *IPTables) RenameChain(table, oldChain, newChain string) error

RenameChain renames the old chain to the new one.

func (*IPTables) Stats

func (ipt *IPTables) Stats(table, chain string) ([][]string, error)

Stats lists rules including the byte and packet counts

func (*IPTables) StructuredStats

func (ipt *IPTables) StructuredStats(table, chain string) ([]Stat, error)

StructuredStats returns statistics as structured data which may be further parsed and marshaled.

type Option

type Option func(*IPTables)

func EnableNFTables

func EnableNFTables(enable bool) Option

func IPFamily

func IPFamily(proto Protocol) Option

func Timeout

func Timeout(timeout int) Option

type Protocol

type Protocol byte

Protocol to differentiate between IPv4 and IPv6

// Values of Protocol, numbered with iota.
const (
	// ProtocolIPv4 is the zero value of Protocol (iota starts at 0).
	ProtocolIPv4 Protocol = iota
	// ProtocolIPv6 is the next value (1).
	ProtocolIPv6
)

type Stat

// Stat is one structured statistics entry, the type returned by ParseStat
// and StructuredStats. The JSON tag on each field is the key used when the
// value is marshaled.
type Stat struct {
	// Packet and byte counters.
	Packets     uint64     `json:"pkts"`
	Bytes       uint64     `json:"bytes"`
	Target      string     `json:"target"`
	Protocol    string     `json:"prot"`
	Opt         string     `json:"opt"`
	Input       string     `json:"in"`
	Output      string     `json:"out"`
	// Source and Destination are pointers to net.IPNet.
	// NOTE(review): whether they can be nil is not visible here; check
	// before dereferencing.
	Source      *net.IPNet `json:"source"`
	Destination *net.IPNet `json:"destination"`
	Options     string     `json:"options"`
}

Stat represents a structured statistic entry.

type Unlocker

// Unlocker is satisfied by any type with an Unlock method that returns an
// error.
// NOTE(review): this page does not show which lock it releases or where the
// package uses it; confirm in the implementation.
type Unlocker interface {
	Unlock() error
}

type Version added in v0.8.0

// Version is the value returned by GetVersion and ParseVersion; two values
// are ordered with Compare and printed with String.
type Version struct {
	// Numeric version components.
	Major       int
	Minor       int
	Patch       int
	// NOTE(review): presumably names the iptables backend in use (the
	// package also has an EnableNFTables option); confirm the accepted
	// values in the implementation.
	BackendMode string
}

func GetVersion added in v0.8.0

func GetVersion() (Version, error)

func ParseVersion added in v0.8.0

func ParseVersion(versionString string) (Version, error)

func (Version) Compare added in v0.8.0

func (v Version) Compare(other Version) int

func (Version) String added in v0.8.0

func (v Version) String() string
