Documentation ¶
Index ¶
- type ConntrackParameter
- type CtParameter
- type DestinationParameter
- type JumpParameter
- type MatchParameter
- type OutInterfaceParameter
- type OwnerParameter
- type Parameter
- func Destination(address string) *Parameter
- func Jump(parameter *JumpParameter) *Parameter
- func Match(matchParameters ...*MatchParameter) *Parameter
- func NotDestination(address string) *Parameter
- func OutInterface(name string) *Parameter
- func Protocol(parameter *ProtocolParameter) *Parameter
- func Source(parameter *SourceParameter) *Parameter
- type ParameterBuilder
- type ProtocolParameter
- type SourceParameter
- type TcpUdpParameter
- func DestinationPort(port uint16) *TcpUdpParameter
- func DestinationPortRangeOrValue(uIDsToPorts config.UIDsToPorts) *TcpUdpParameter
- func NotDestinationPort(port uint16) *TcpUdpParameter
- func NotDestinationPortIf(predicate func() bool, port uint16) *TcpUdpParameter
- func SourcePort(port uint16) *TcpUdpParameter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConntrackParameter ¶ added in v0.2.0
type ConntrackParameter struct {
// contains filtered or unexported fields
}
func Ctstate ¶ added in v0.2.0
func Ctstate(state conntrack.State, states ...conntrack.State) *ConntrackParameter
Ctstate requires at least one state, which is why the first state is a separate parameter from the variadic rest.
func (*ConntrackParameter) Build ¶ added in v0.2.0
func (p *ConntrackParameter) Build(bool) string
func (*ConntrackParameter) Negate ¶ added in v0.2.0
func (p *ConntrackParameter) Negate() ParameterBuilder
type CtParameter ¶
type CtParameter struct {
// contains filtered or unexported fields
}
func Zone ¶
func Zone(id string) *CtParameter
func (*CtParameter) Build ¶
func (p *CtParameter) Build() []string
type DestinationParameter ¶
type DestinationParameter struct {
// contains filtered or unexported fields
}
func (*DestinationParameter) Build ¶
func (p *DestinationParameter) Build(bool) string
func (*DestinationParameter) Negate ¶
func (p *DestinationParameter) Negate() ParameterBuilder
type JumpParameter ¶
type JumpParameter struct {
// contains filtered or unexported fields
}
func Ct ¶
func Ct(ctParameters ...*CtParameter) *JumpParameter
func Drop ¶ added in v0.2.0
func Drop() *JumpParameter
func Log ¶ added in v0.7.1
func Log(prefix string, level uint16) *JumpParameter
func Return ¶
func Return() *JumpParameter
func ToPort ¶
func ToPort(port uint16) *JumpParameter
func ToUserDefinedChain ¶
func ToUserDefinedChain(chainName string) *JumpParameter
func (*JumpParameter) Build ¶
func (p *JumpParameter) Build(bool) string
func (*JumpParameter) Negate ¶
func (p *JumpParameter) Negate() ParameterBuilder
type MatchParameter ¶
type MatchParameter struct {
// contains filtered or unexported fields
}
func Conntrack ¶ added in v0.2.0
func Conntrack(conntrackParameters ...*ConntrackParameter) *MatchParameter
Conntrack, when combined with connection tracking, allows access to the connection tracking state for this packet/connection.
func Owner ¶
func Owner(ownerParameters ...*OwnerParameter) *MatchParameter
Owner attempts to match various characteristics of the packet creator, for locally generated packets. This match is only valid in the OUTPUT and POSTROUTING chains. Forwarded packets do not have any socket associated with them. Packets from kernel threads do have a socket, but usually no owner.
func (*MatchParameter) Build ¶
func (p *MatchParameter) Build(verbose bool) string
func (*MatchParameter) Negate ¶
func (p *MatchParameter) Negate() ParameterBuilder
type OutInterfaceParameter ¶
type OutInterfaceParameter struct {
// contains filtered or unexported fields
}
func (*OutInterfaceParameter) Build ¶
func (p *OutInterfaceParameter) Build(bool) string
func (*OutInterfaceParameter) Negate ¶
func (p *OutInterfaceParameter) Negate() ParameterBuilder
type OwnerParameter ¶
type OwnerParameter struct {
// contains filtered or unexported fields
}
func Gid ¶
func Gid(id string) *OwnerParameter
Gid matches if the packet socket's file structure is owned by the given group.
func NotGid ¶
func NotGid(id string) *OwnerParameter
func NotUid ¶
func NotUid(id string) *OwnerParameter
func Uid ¶
func Uid(id string) *OwnerParameter
Uid matches if the packet socket's file structure (if it has one) is owned by the user with given UID
func UidRangeOrValue ¶ added in v0.6.0
func UidRangeOrValue(uIDsToPorts config.UIDsToPorts) *OwnerParameter
UidRangeOrValue matches if the packet socket's file structure (if it has one) is owned by a user whose UID is in the given list of UID values or ranges.
func (*OwnerParameter) Build ¶
func (p *OwnerParameter) Build(bool) string
func (*OwnerParameter) Negate ¶
func (p *OwnerParameter) Negate() ParameterBuilder
type Parameter ¶
type Parameter struct {
// contains filtered or unexported fields
}
func Destination ¶
Destination will generate arguments for the "-d, --destination address[/mask]" flag. See the description of the -s (source) flag for a detailed description of the syntax.
ref. iptables(8) > PARAMETERS
func Jump ¶
func Jump(parameter *JumpParameter) *Parameter
func Match ¶
func Match(matchParameters ...*MatchParameter) *Parameter
func NotDestination ¶
func OutInterface ¶
OutInterface will generate arguments for the "-o, --out-interface name" flag. Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). If the interface name ends in a "+", then any interface which begins with this name will match.
ref. iptables(8) > PARAMETERS
func Protocol ¶
func Protocol(parameter *ProtocolParameter) *Parameter
func Source ¶
func Source(parameter *SourceParameter) *Parameter
Source will generate arguments for the "-s, --source address[/mask]" flag. Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP address. Hostnames will be resolved once only, before the rule is submitted to the kernel. Please note that specifying any name to be resolved with a remote query such as DNS is a horrible idea: the rule keeps whatever address the lookup returned at that moment, so a wrong or later-changed answer leaves the rule matching an address that was not intended. The mask can be either an ipv4 network mask (for iptables) or a plain number, specifying the number of 1's on the left side of the network mask. Thus, an iptables mask of 24 is equivalent to 255.255.255.0.
ref. iptables(8) > PARAMETERS
func (*Parameter) Negate ¶
func (p *Parameter) Negate() ParameterBuilder
type ParameterBuilder ¶
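// ParameterBuilder is the interface implemented by the parameter types on
// this page that expose both Build(bool) string and Negate(), such as
// MatchParameter and ProtocolParameter.
type ParameterBuilder interface {
	// Build returns the parameter rendered as a string.
	// NOTE(review): verbose presumably selects the long option spelling
	// over the short one; confirm against the implementations.
	Build(verbose bool) string
	// Negate returns a ParameterBuilder.
	// NOTE(review): judging by the name and by constructors such as
	// NotDestination, this is presumably the negated form of the receiver;
	// confirm whether the receiver itself is mutated or a copy is returned.
	Negate() ParameterBuilder
}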
type ProtocolParameter ¶
type ProtocolParameter struct {
// contains filtered or unexported fields
}
func Tcp ¶
func Tcp(tcpParameters ...*TcpUdpParameter) *ProtocolParameter
func Udp ¶
func Udp(udpParameters ...*TcpUdpParameter) *ProtocolParameter
func (*ProtocolParameter) Build ¶
func (p *ProtocolParameter) Build(verbose bool) string
func (*ProtocolParameter) Negate ¶
func (p *ProtocolParameter) Negate() ParameterBuilder
type SourceParameter ¶
type SourceParameter struct {
// contains filtered or unexported fields
}
func Address ¶
func Address(address string) *SourceParameter
func (*SourceParameter) Build ¶
func (p *SourceParameter) Build(bool) string
func (*SourceParameter) Negate ¶
func (p *SourceParameter) Negate() ParameterBuilder
type TcpUdpParameter ¶
type TcpUdpParameter struct {
// contains filtered or unexported fields
}
func DestinationPort ¶
func DestinationPort(port uint16) *TcpUdpParameter
func DestinationPortRangeOrValue ¶ added in v0.6.0
func DestinationPortRangeOrValue(uIDsToPorts config.UIDsToPorts) *TcpUdpParameter
func NotDestinationPort ¶
func NotDestinationPort(port uint16) *TcpUdpParameter
func NotDestinationPortIf ¶
func NotDestinationPortIf(predicate func() bool, port uint16) *TcpUdpParameter
func SourcePort ¶
func SourcePort(port uint16) *TcpUdpParameter
func (*TcpUdpParameter) Build ¶
func (p *TcpUdpParameter) Build(verbose bool) string
func (*TcpUdpParameter) Negate ¶
func (p *TcpUdpParameter) Negate() ParameterBuilder