Documentation
¶
Index ¶
- Constants
- Variables
- func IsExist(err error) bool
- func IsSupported() bool
- func LineCommentParser(findComments []string) func(i uint, t string) (rowInfo cmdutils.RowInfo, err error)
- func ResetCheck()
- type Base
- func (a *Base) AddToBlacklistSet(ips []string, d time.Duration) error
- func (a *Base) AddToSet(set string, ips []string, d time.Duration) error
- func (a *Base) AsWhitelist(table, chain string) error
- func (a *Base) AttachBlackListSet() error
- func (a *Base) AttachSet(set string, action string) error
- func (a *Base) CreateBlackListSet() error
- func (a *Base) CreateSet(ctx context.Context, set string) error
- func (a *Base) DeleteByPosition(table, chain string, pos uint64) (err error)
- func (a *Base) FindPositionByID(table, chain string, id uint) (uint, error)
- func (a *Base) GetExeclutor() string
- func (a *Base) RemoveBlackListSet() error
- func (a *Base) RemoveSet(set string, action string) error
- func (a *Base) Stats(table, chain string) ([]map[string]string, error)
- type HashLimitMode
- type IPTables
- func (a *IPTables) AddDefault() error
- func (a *IPTables) Append(rules ...driver.Rule) (err error)
- func (a *IPTables) AsWhitelist(table, chain string) error
- func (a *IPTables) Ban(ips []string, expires time.Duration) error
- func (a *IPTables) Base() *Base
- func (a *IPTables) Clear() error
- func (a *IPTables) Delete(rules ...driver.Rule) (err error)
- func (a *IPTables) Enabled(on bool) error
- func (a *IPTables) Exists(rule driver.Rule) (bool, error)
- func (a *IPTables) Export(wfwFile string) error
- func (a *IPTables) FindPositionByID(table, chain string, id uint) (uint, error)
- func (a *IPTables) Import(wfwFile string) error
- func (a *IPTables) Insert(rules ...driver.Rule) (err error)
- func (a *IPTables) Reset() error
- func (a *IPTables) Update(rule driver.Rule) error
- type ModuleComment
- type ModuleConnLimit
- type ModuleHashLimit
- type ModuleLimit
- type ModuleString
- type ModuleTime
- type Moduler
Constants ¶
View Source
const ( FilterChainInput = `NgingFilterInput` FilterChainOutput = `NgingFilterOutput` FilterChainForward = `NgingFilterForward` NATChainPreRouting = `NgingNATPreRouting` NATChainPostRouting = `NgingNATPostRouting` )
View Source
const CommentPrefix = `NgingStatic`
Variables ¶
View Source
var ( RefFilterChains = map[string]string{ FilterChainInput: enums.ChainInput, FilterChainOutput: enums.ChainOutput, FilterChainForward: enums.ChainForward, } RefNATChains = map[string]string{ NATChainPreRouting: enums.ChainPreRouting, NATChainPostRouting: enums.ChainPostRouting, } FilterChains = []string{FilterChainInput, FilterChainOutput, FilterChainForward} NATChains = []string{NATChainPreRouting, NATChainPostRouting} )
View Source
var ModuleList = []string{`comment`, `string`, `time`, `connlimit`, `limit`}
Functions ¶
func IsSupported ¶ added in v1.3.2
func IsSupported() bool
func LineCommentParser ¶ added in v1.3.2
func ResetCheck ¶ added in v1.3.2
func ResetCheck()
Types ¶
type Base ¶ added in v1.3.5
func (*Base) AddToBlacklistSet ¶ added in v1.4.7
func (*Base) AsWhitelist ¶ added in v1.3.5
func (*Base) AttachBlackListSet ¶ added in v1.4.7
func (*Base) CreateBlackListSet ¶ added in v1.4.7
func (*Base) DeleteByPosition ¶ added in v1.3.5
func (*Base) FindPositionByID ¶ added in v1.3.5
func (*Base) GetExeclutor ¶ added in v1.4.7
func (*Base) RemoveBlackListSet ¶ added in v1.4.7
type HashLimitMode ¶ added in v1.3.5
type HashLimitMode string
const ( HashLimitModeSrcIP HashLimitMode = `srcip` HashLimitModeSrcPort HashLimitMode = `srcport` HashLimitModeDstIP HashLimitMode = `dstip` HashLimitModeDstPort HashLimitMode = `dstport` )
type IPTables ¶
func (*IPTables) AddDefault ¶ added in v1.4.7
func (*IPTables) AsWhitelist ¶ added in v1.3.2
func (*IPTables) FindPositionByID ¶ added in v1.3.5
type ModuleComment ¶ added in v1.3.2
type ModuleComment struct {
Comment string // 注释
}
func (*ModuleComment) Args ¶ added in v1.3.2
func (m *ModuleComment) Args() []string
func (*ModuleComment) ModuleStrings ¶ added in v1.3.2
func (m *ModuleComment) ModuleStrings() []string
func (*ModuleComment) String ¶ added in v1.3.2
func (m *ModuleComment) String() string
func (*ModuleComment) Strings ¶ added in v1.3.2
func (m *ModuleComment) Strings() []string
type ModuleConnLimit ¶ added in v1.3.2
type ModuleConnLimit struct {
Upto uint64 // 如果连接数低于或等于此值,则匹配
Above uint64 // 如果连接数高于此值,则匹配
Mask uint16 // 此选项不能单独使用,在使用–connlimit-above选项时,配合此选项,则可以针对”某类IP段内的一定数量的IP”进行连接数量的限制。例如 24 或 27。
}
ModuleConnLimit 限制每个IP的最大连接数
func ParseConnLimit ¶ added in v1.3.7
func ParseConnLimit(limitStr string) (*ModuleConnLimit, error)
func (*ModuleConnLimit) Args ¶ added in v1.3.2
func (m *ModuleConnLimit) Args() []string
func (*ModuleConnLimit) ModuleStrings ¶ added in v1.3.2
func (m *ModuleConnLimit) ModuleStrings() []string
func (*ModuleConnLimit) String ¶ added in v1.3.2
func (m *ModuleConnLimit) String() string
func (*ModuleConnLimit) Strings ¶ added in v1.3.2
func (m *ModuleConnLimit) Strings() []string
type ModuleHashLimit ¶ added in v1.3.5
type ModuleHashLimit struct {
Upto uint64 // 如果速率低于或等于此值,则匹配
Above uint64 // 如果速率高于此值,则匹配。
Unit string // 时间单位 second、minute、hour、day
Burst uint // 指定令牌桶中令牌的最大数量
Mode HashLimitMode // 一个用逗号分隔的对象列表。如果没有给出–hashlimit-mode选项,’hashlimit’ 的行为就像 ‘limit’ 一样,但是在做哈希管理的代价很高。
Mask uint16 // 当mode设置为 srcip 或 dstip 时, 配置相应的掩码表示一个网段。例如8、16、24、32
Name string // 定义这条hashlimit规则的名称, 所有的条目(entry)都存放在 /proc/net/ipt_hashlimit/{foo} 里。
Buckets uint // 散列表的桶数(buckets)
MaxEntries uint // 散列中的最大条目
ExpireMs uint // hash规则失效时间, 单位毫秒(milliseconds)
GcIntervalMs uint // 垃圾回收器回收的间隔时间, 单位毫秒
}
ModuleHashLimit 限制每个IP的最大发包数
func ParseHashLimits ¶ added in v1.3.5
func ParseHashLimits(rateStr string, burst uint) (*ModuleHashLimit, error)
func (*ModuleHashLimit) Args ¶ added in v1.3.5
func (m *ModuleHashLimit) Args() []string
func (*ModuleHashLimit) ModuleStrings ¶ added in v1.3.5
func (m *ModuleHashLimit) ModuleStrings() []string
func (*ModuleHashLimit) String ¶ added in v1.3.5
func (m *ModuleHashLimit) String() string
func (*ModuleHashLimit) Strings ¶ added in v1.3.5
func (m *ModuleHashLimit) Strings() []string
type ModuleLimit ¶ added in v1.3.2
type ModuleLimit struct {
Limit uint64 // 指定令牌桶中生成新令牌的频率
Unit string // 时间单位 second、minute、hour、day
Burst uint // 指定令牌桶中令牌的最大数量
}
ModuleLimit 限制每个IP的最大发包数
func ParseLimits ¶ added in v1.3.2
func ParseLimits(rateStr string, burst uint) (*ModuleLimit, error)
ParseLimits parse ModuleLimit rateStr := `1+/bytes/second`
func (*ModuleLimit) Args ¶ added in v1.3.2
func (m *ModuleLimit) Args() []string
func (*ModuleLimit) ModuleStrings ¶ added in v1.3.2
func (m *ModuleLimit) ModuleStrings() []string
func (*ModuleLimit) String ¶ added in v1.3.2
func (m *ModuleLimit) String() string
func (*ModuleLimit) Strings ¶ added in v1.3.2
func (m *ModuleLimit) Strings() []string
type ModuleString ¶ added in v1.3.2
type ModuleString struct {
Find string // 指定需要匹配的字符串。
Algo string // 指定对应的匹配算法,可用算法为bm、kmp,此选项为必选项。
}
func (*ModuleString) Args ¶ added in v1.3.2
func (m *ModuleString) Args() []string
func (*ModuleString) ModuleStrings ¶ added in v1.3.2
func (m *ModuleString) ModuleStrings() []string
func (*ModuleString) String ¶ added in v1.3.2
func (m *ModuleString) String() string
func (*ModuleString) Strings ¶ added in v1.3.2
func (m *ModuleString) Strings() []string
type ModuleTime ¶ added in v1.3.2
type ModuleTime struct {
Date [2]string // 2006-01-02
Time [2]string // 15:04:05
Weekdays []uint // 1-7
Monthdays []uint // 1-28/30/31
KernelTZ bool // KernelTZ 为 false 的情况下,以上参数时间的时区为 UTC。否则为本地机器时区。
}
func (*ModuleTime) Args ¶ added in v1.3.2
func (m *ModuleTime) Args() []string
func (*ModuleTime) ModuleStrings ¶ added in v1.3.2
func (m *ModuleTime) ModuleStrings() []string
func (*ModuleTime) String ¶ added in v1.3.2
func (m *ModuleTime) String() string
func (*ModuleTime) Strings ¶ added in v1.3.2
func (m *ModuleTime) Strings() []string
Source Files
Click to show internal directories.
Click to hide internal directories.