iptables

package
v0.3.2-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 10, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package iptables contains the necessary data structures and functions to interact with iptables and therefore insert/delete filter and NAT rules.

Index

Constants

View Source
const (

	// MASQUERADE action constant.
	MASQUERADE = "MASQUERADE"
	// SNAT action constant.
	SNAT = "SNAT"
	// DNAT action constant.
	DNAT = "DNAT"
	// NETMAP action constant.
	NETMAP = "NETMAP"
	// ACCEPT action constant.
	ACCEPT = "ACCEPT"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type IPTHandler

type IPTHandler struct {
	// contains filtered or unexported fields
}

IPTHandler a handler that exposes all the functions needed to configure the iptables chains and rules.

func NewIPTHandler

func NewIPTHandler() (IPTHandler, error)

NewIPTHandler return the iptables handler used to configure the iptables rules.

func (IPTHandler) EnsureChainRulesPerCluster

func (h IPTHandler) EnsureChainRulesPerCluster(tep *netv1alpha1.TunnelEndpoint) error

EnsureChainRulesPerCluster reads TunnelEndpoint resource and makes sure that chain rules for the given cluster exist.

func (IPTHandler) EnsureChainsPerCluster

func (h IPTHandler) EnsureChainsPerCluster(clusterID string) error

EnsureChainsPerCluster is used to be sure input, output, postrouting and prerouting chain for a given cluster are present in the NAT table and Filter table.

func (IPTHandler) EnsurePostroutingRules

func (h IPTHandler) EnsurePostroutingRules(tep *netv1alpha1.TunnelEndpoint) error

EnsurePostroutingRules makes sure that the postrouting rules for a given cluster are in place and updated.

func (IPTHandler) EnsurePreroutingRulesPerNatMapping

func (h IPTHandler) EnsurePreroutingRulesPerNatMapping(nm *netv1alpha1.NatMapping) error

EnsurePreroutingRulesPerNatMapping makes sure that the prerouting rules extracted from a NatMapping resource are place and updated.

func (IPTHandler) EnsurePreroutingRulesPerTunnelEndpoint

func (h IPTHandler) EnsurePreroutingRulesPerTunnelEndpoint(tep *netv1alpha1.TunnelEndpoint) error

EnsurePreroutingRulesPerTunnelEndpoint makes sure that the prerouting rules extracted from a TunnelEndpoint resource are place and updated.

func (IPTHandler) Init

func (h IPTHandler) Init() error

Init function is called at startup of the operator. here we: create LIQONET-FORWARD in the filter table and insert it in the "FORWARD" chain. create LIQONET-INPUT in the filter table and insert it in the input chain. create LIQONET-POSTROUTING in the nat table and insert it in the "POSTROUTING" chain. create LIQONET-PREROUTING in the nat table and insert it in the "PREROUTING" chain.

func (IPTHandler) ListRulesInChain

func (h IPTHandler) ListRulesInChain(chain string) ([]string, error)

ListRulesInChain is used to adjust the result returned by List of go-iptables.

func (IPTHandler) RemoveIPTablesConfigurationPerCluster

func (h IPTHandler) RemoveIPTablesConfigurationPerCluster(tep *netv1alpha1.TunnelEndpoint) error

RemoveIPTablesConfigurationPerCluster clears and deletes input, forward, prerouting and postrouting chains for a remote cluster. In order to remove them, function first deletes related rules in LIQO-POSTROUTING, LIQO-PREROUTING, LIQO-FORWARD and LIQO-INPUT.

func (IPTHandler) Terminate

func (h IPTHandler) Terminate() error

Terminate func is the counterpart of Init. It removes Liqo configuration from iptables.

type IPTableRule

type IPTableRule []string

IPTableRule is a slice of string. This is the format used by module go-iptables.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL