driver

Documentation

Index

• Constants
• Variables
• type Driver
• type Protocol
• type Rule
  • func (r *Rule) GenLimitSetName() string
  • func (r *Rule) IDBytes() []byte
  • func (r *Rule) IDString() string
• type Stat

Constants

const LimitSetNamePrefix = `nging_limit_`

Variables

var ErrInvalidIPv4 = errors.New(`invalid IPv4 address`)

var ErrInvalidIPv6 = errors.New(`invalid IPv6 address`)

var ErrInvalidRuleNumber = errors.New(`invalid rule number`)

var ErrNatIPOrNatPortRequired = errors.New(`NAT IP 和 NAT 端口 不能同时为空`)

var ErrUnsupported = errors.New(`unsupported`)

var ErrUnsupportedChain = fmt.Errorf(`%w chain`, ErrUnsupported)

var ErrUnsupportedTable = fmt.Errorf(`%w table`, ErrUnsupported)

Types

type Driver

type Driver interface {
	AddDefault() error
	Enabled(on bool) error
	Reset() error // 重置（恢复到出厂设置）
	Clear() error // 清空本系统创建的所有规则
	Import(wfwFile string) error
	Export(wfwFile string) error
	Insert(rules ...Rule) error
	AsWhitelist(table, chain string) error
	Append(rules ...Rule) error
	Update(rule Rule) error
	Delete(rules ...Rule) error
	Exists(rule Rule) (bool, error)
	Ban(ips []string, expires time.Duration) error
	Unban(ips ...string) error
	DeleteElementInSet(table, set, element string) error
	FindPositionByID(table, chain string, id uint) (uint, error)
	ClearSet(table, set string) error
}

type Protocol

type Protocol byte

Protocol to differentiate between IPv4 and IPv6

const (
	ProtocolIPv4 Protocol = iota
	ProtocolIPv6
)

type Rule

type Rule struct {
	ID        uint   `json:"id,omitempty" xml:"id,omitempty"`             // 静态规则 ID
	CustomID  string `json:"customID,omitempty" xml:"customID,omitempty"` // 自定义 ID 字符串， ID 为 0 时有效
	Number    uint   `json:"num,omitempty" xml:"num,omitempty"`           // 防火墙的规则编号。iptables 为 position 值；nftables 为 handle 值
	Type      string `json:"type" xml:"type"`                             // 表 filter / nat / etc.
	Name      string `json:"name" xml:"name"`                             // 名称
	Direction string `json:"direction" xml:"direction"`                   // 链 INPUT / OUTPUT / etc.
	Action    string `json:"action" xml:"action"`                         // ACCEPT / DROP / etc.
	Protocol  string `json:"protocol" xml:"protocol"`                     // tcp / udp / etc.

	// interface 网口
	Interface string `json:"interface" xml:"interface"` // 网络入口网络接口
	Outerface string `json:"outerface" xml:"outerface"` // 网络出口网络接口

	// state
	State string `json:"state" xml:"state"`

	// IP or Port
	RemoteIP   string `json:"remoteIP" xml:"remoteIP"`
	LocalIP    string `json:"localIP" xml:"localIP"`
	NatIP      string `json:"natIP" xml:"natIP"`
	RemotePort string `json:"remotePort" xml:"remotePort"` // 支持指定范围
	LocalPort  string `json:"localPort" xml:"localPort"`   // 支持指定范围
	NatPort    string `json:"natPort" xml:"natPort"`       // 支持指定范围
	IPVersion  string `json:"ipVersion"  xml:"ipVersion"`  // 4 or 6

	// Limit
	ConnLimit   string `json:"connLimit"  xml:"connLimit"`     // 每个IP最大连接数
	RateLimit   string `json:"rateLimit"  xml:"rateLimit"`     // 频率限制规则（格式：200/p/s）
	RateBurst   uint   `json:"rateBurst"  xml:"rateBurst"`     // 频率最大峰值
	RateExpires uint   `json:"rateExpires"  xml:"rateExpires"` // 过期时间（秒）
	Extra       echo.H `json:"extra,omitempty"  xml:"extra,omitempty"`
}

func (*Rule) GenLimitSetName

func (r *Rule) GenLimitSetName() string

func (*Rule) IDBytes

func (r *Rule) IDBytes() []byte

func (*Rule) IDString

func (r *Rule) IDString() string

type Stat

type Stat struct {
	Number      uint64     `json:"num,omitempty"`
	Packets     uint64     `json:"pkts"`
	Bytes       uint64     `json:"bytes"`
	Target      string     `json:"target"`
	Protocol    string     `json:"prot"`
	Opt         string     `json:"opt"`
	Input       string     `json:"in"`
	Output      string     `json:"out"`
	Source      *net.IPNet `json:"source"`
	Destination *net.IPNet `json:"destination"`
	Options     string     `json:"options"`
}

Stat represents a structured statistic entry.