Documentation ¶
Index ¶
Constants ¶
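// Transport protocols.
//
// The declarations are restored one per line: in the collapsed one-line form
// the leading line comment swallowed every constant after it.
const (
	ProtocolTCP  = `tcp`
	ProtocolUDP  = `udp`
	ProtocolICMP = `icmp`
	ProtocolAll  = `all` // no protocol restriction
)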
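// Rule tables. Tables are consulted in the order
// raw → mangle → nat → filter.
const (
	// TableFilter filters packets. Chains: INPUT, FORWARD, OUTPUT.
	TableFilter = `filter`
	// TableNAT performs network address translation (IP, port).
	// Chains: PREROUTING, POSTROUTING, OUTPUT.
	TableNAT = `nat`
	// TableMangle modifies a packet's type of service and TTL, and can be
	// combined with routing to implement QoS.
	// Chains: PREROUTING, POSTROUTING, INPUT, OUTPUT, FORWARD.
	TableMangle = `mangle`
	// TableRaw decides whether a packet is handled by connection tracking.
	// Chains: OUTPUT, PREROUTING.
	TableRaw = `raw`
)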
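// Built-in rule chains. Traversal order:
//   - inbound:   PREROUTING → INPUT
//   - outbound:  OUTPUT → POSTROUTING
//   - forwarded: PREROUTING → FORWARD → POSTROUTING
const (
	// ChainInput applies to packets coming in to the local host.
	ChainInput = `INPUT`
	// ChainOutput applies to packets going out from the local host.
	ChainOutput = `OUTPUT`
	// ChainForward applies to packets being forwarded.
	ChainForward = `FORWARD`
	// ChainPreRouting applies before the routing decision; every incoming
	// packet passes through this chain first.
	ChainPreRouting = `PREROUTING`
	// ChainPostRouting applies after the routing decision; it is the last
	// chain a packet passes through before it leaves the host.
	ChainPostRouting = `POSTROUTING`
)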
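// Connection-tracking states.
//
// Rules that accept ESTABLISHED/RELATED traffic should also decide explicitly
// what happens to INVALID packets (usually DROP) rather than leaving them to
// later rules.
const (
	StateNew         = `NEW`         // packet starts a new connection
	StateEstablished = `ESTABLISHED` // packet belongs to an already established connection
	StateRelated     = `RELATED`     // new connection that is associated with an existing one
	StateInvalid     = `INVALID`     // packet cannot be associated with any known connection
	StateUntracked   = `UNTRACKED`   // packet was exempted from connection tracking
)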
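// Rule targets: the four ways the firewall can handle a matching packet.
const (
	// TargetAccept lets the packet through.
	TargetAccept = `ACCEPT`
	// TargetDrop discards the packet silently; the sender gets no response.
	TargetDrop = `DROP`
	// TargetReject refuses the packet and, where appropriate, sends an error
	// response back to the sender.
	TargetReject = `REJECT`
	// TargetLog records the packet through the kernel log (commonly
	// /var/log/messages, depending on the syslog configuration) and then
	// passes it on to the next rule; it does not decide the packet's fate.
	// An unthrottled LOG rule can flood the log, so pair it with a rate limit.
	TargetLog = `LOG`
)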
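// ICMP error types that a REJECT rule can send back (--reject-with).
//
// NOTE(review): these are the IPv4 names; ip6tables uses icmp6-* values.
// Confirm how IPv6 rules are mapped before reusing these for IPv6.
const (
	RejectWithICMPPortUnreachable  = `icmp-port-unreachable` // default
	RejectWithICMPNetUnreachable   = `icmp-net-unreachable`
	RejectWithICMPHostUnreachable  = `icmp-host-unreachable`
	RejectWithICMPProtoUnreachable = `icmp-proto-unreachable`
	RejectWithICMPNetProhibited    = `icmp-net-prohibited`
	RejectWithICMPHostProhibited   = `icmp-host-prohibited`
	RejectWithICMPAdminProhibited  = `icmp-admin-prohibited`
)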
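// TCP flag names used in TCP flag matches.
const (
	TCPFlagALL = `ALL` // shorthand for SYN,ACK,FIN,RST,URG,PSH
	TCPFlagSYN = `SYN`
	TCPFlagACK = `ACK`
	TCPFlagFIN = `FIN`
	TCPFlagRST = `RST`
	TCPFlagURG = `URG`
	TCPFlagPSH = `PSH`
)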
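// IP version markers, wildcard addresses and the wildcard interface name.
//
// The declarations are restored one per line; several constant specs on a
// single line without separators do not parse.
const (
	IPv4str = `4`
	IPv6str = `6`

	// All-zero addresses, bare and with a zero-length prefix. A rule written
	// against the /0 form matches every address of that family.
	ZeroIPv4         = `0.0.0.0`
	ZeroIPv6         = `::`
	ZeroIPv4WithMask = ZeroIPv4 + `/0`
	ZeroIPv6WithMask = ZeroIPv6 + `/0`

	AnyInterface = `*`
)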
Variables ¶
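// Predefined TCP flag sets.
//
// The declarations are restored one per line: in the collapsed one-line form
// the trailing line comment swallowed the closing parenthesis.
var (
	// AllTCPFlags lists each individual flag (everything TCPFlagALL stands for).
	AllTCPFlags = []string{TCPFlagSYN, TCPFlagACK, TCPFlagFIN, TCPFlagRST, TCPFlagURG, TCPFlagPSH}

	// The two-element sets below presumably hold the {mask, set} arguments of
	// a --tcp-flags match — verify against the rule builder.
	DefaultTCPFlagsWithACK = []string{TCPFlagALL, TCPFlagSYN + `,` + TCPFlagACK}
	DefaultTCPFlags        = []string{TCPFlagALL, TCPFlagSYN}

	// DefaultTCPFlagsSimple is the short form, described upstream as equal to
	// DefaultTCPFlags.
	// NOTE(review): `--syn` is shorthand for `--tcp-flags SYN,RST,ACK,FIN SYN`;
	// it does not examine URG or PSH, so it is close to, but not the same
	// match as, the ALL mask used by DefaultTCPFlags.
	DefaultTCPFlagsSimple = []string{`--syn`}
)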
// Actions pairs each rule target with its label.
var Actions = echo.NewKVData().
	Add(TargetAccept, `✅ 接受`). // accept
	Add(TargetDrop, `🚮 丢弃`).   // drop
	Add(TargetReject, `🚫 拒绝`). // reject
	Add(TargetLog, `📝 记录日志`)   // log
// ChainList enumerates the five built-in chains.
var ChainList = []string{
	ChainPreRouting,
	ChainInput,
	ChainOutput,
	ChainForward,
	ChainPostRouting,
}
// ChainParams lists, for each chain, the rule parameter names that apply
// to it. Only INPUT carries the connection-limit and rate-limit parameters.
// NOTE(review): presumably these are the rule form field names — confirm
// against the caller.
var ChainParams = map[string][]string{
	ChainInput: {
		`interface`, `localIp`, `localPort`,
		`outerface`, `remoteIp`, `remotePort`,
		`state`, `action`,
		`connLimit`, `rateLimit`, `rateBurst`, `rateExpires`,
	},
	ChainOutput: {
		`outerface`, `remoteIp`, `remotePort`,
		`state`, `action`,
	},
	ChainForward: {
		`interface`, `localIp`, `localPort`,
		`outerface`, `remoteIp`, `remotePort`,
		`state`, `action`,
	},
	ChainPreRouting:  {`interface`, `localIp`, `localPort`},
	ChainPostRouting: {`outerface`, `remoteIp`, `remotePort`},
}
// Directions pairs each chain with a label made of a direction name followed
// by the chain name in parentheses.
var Directions = echo.NewKVData().
	Add(ChainInput, `入站 (`+ChainInput+`)`).             // inbound
	Add(ChainOutput, `出站 (`+ChainOutput+`)`).           // outbound
	Add(ChainForward, `转发 (`+ChainForward+`)`).         // forwarded
	Add(ChainPreRouting, `路由之前 (`+ChainPreRouting+`)`). // before routing
	Add(ChainPostRouting, `路由之后 (`+ChainPostRouting+`)`) // after routing
// IPProtocols pairs each IP version marker with its label.
var IPProtocols = echo.NewKVData().
	Add(IPv4str, `IPv4`).
	Add(IPv6str, `IPv6`)
// InputIfaceChainList holds PREROUTING, INPUT and FORWARD — the chains in
// which an incoming-interface match is meaningful.
var InputIfaceChainList = []string{
	ChainPreRouting,
	ChainInput,
	ChainForward,
}
// NetProtocols pairs each transport protocol with its label.
var NetProtocols = echo.NewKVData().
	Add(ProtocolTCP, `TCP`).
	Add(ProtocolUDP, `UDP`).
	Add(ProtocolICMP, `ICMP`).
	Add(ProtocolAll, `不限`) // "unrestricted": any protocol
// OutputIfaceChainList holds OUTPUT, FORWARD and POSTROUTING — the chains in
// which an outgoing-interface match is meaningful.
var OutputIfaceChainList = []string{
	ChainOutput,
	ChainForward,
	ChainPostRouting,
}
// ProtocolList enumerates the protocol values, with the unrestricted
// ProtocolAll first.
var ProtocolList = []string{
	ProtocolAll,
	ProtocolTCP,
	ProtocolUDP,
	ProtocolICMP,
}
// RejectWithList enumerates the reject-with values, starting with the
// default (icmp-port-unreachable).
var RejectWithList = []string{
	RejectWithICMPPortUnreachable,
	RejectWithICMPNetUnreachable,
	RejectWithICMPHostUnreachable,
	RejectWithICMPProtoUnreachable,
	RejectWithICMPNetProhibited,
	RejectWithICMPHostProhibited,
	RejectWithICMPAdminProhibited,
}
// StateList enumerates the connection-tracking states.
var StateList = []string{
	StateNew,
	StateEstablished,
	StateRelated,
	StateInvalid,
	StateUntracked,
}
// TableList enumerates the rule tables.
var TableList = []string{
	TableFilter,
	TableNAT,
	TableMangle,
	TableRaw,
}
// TablesChains maps each table to the chains offered for it.
// NOTE(review): the comment on the TableNAT constant lists OUTPUT as a nat
// chain, but OUTPUT is absent from the TableNAT entry here — confirm that
// the omission is intentional.
var TablesChains = map[string][]string{
	TableRaw: {ChainOutput, ChainPreRouting},
	TableMangle: {
		ChainPreRouting,
		ChainInput,
		ChainOutput,
		ChainForward,
		ChainPostRouting,
	},
	TableNAT:    {ChainPreRouting, ChainPostRouting},
	TableFilter: {ChainInput, ChainOutput, ChainForward},
}
// TargetList enumerates the rule targets.
var TargetList = []string{
	TargetAccept,
	TargetDrop,
	TargetReject,
	TargetLog,
}
// Types pairs the filter and nat tables with their labels; the mangle and
// raw tables are not included.
var Types = echo.NewKVData().
	Add(TableFilter, `过滤器 (Filter)`).
	Add(TableNAT, `网络地址转换器 (NAT)`)
Functions ¶
func IsEmptyIface ¶
func IsEmptyPort ¶ added in v1.3.7
Types ¶
This section is empty.