nftables

package
v2.3.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 18, 2024 License: MIT Imports: 30 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FQDNCache

type FQDNCache interface {
	GetSetsForRendering(fqdns []firewallv1.FQDNSelector) (result []dns.RenderIPSet)
	GetSetsForFQDN(fqdn firewallv1.FQDNSelector, fqdnSets []firewallv1.IPSet) (result []firewallv1.IPSet)
	IsInitialized() bool
	CacheAddr() (string, error)
}

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall assembles nftable rules based on k8s entities

func NewFirewall

func NewFirewall(
	firewall *firewallv2.Firewall,
	cwnps *firewallv1.ClusterwideNetworkPolicyList,
	svcs *corev1.ServiceList,
	cache FQDNCache,
	log logr.Logger,
	recorder record.EventRecorder,
) *Firewall

NewFirewall creates a new nftables firewall object based on k8s entities

func (*Firewall) Flush

func (f *Firewall) Flush() error

Flush flushes the nftables rules that were deduced from a k8s resources after that the firewall is a "plain metal firewall" with default policy accept in the forward chain.

func (*Firewall) Reconcile

func (f *Firewall) Reconcile() (updated bool, err error)

Reconcile drives the nftables firewall against the desired state by comparison with the current rule file.

func (*Firewall) ReconcileNetconfTables

func (f *Firewall) ReconcileNetconfTables() error

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL