enums

package
v1.4.14 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 16, 2023 License: AGPL-3.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// 传输协议
	ProtocolTCP  = `tcp`
	ProtocolUDP  = `udp`
	ProtocolICMP = `icmp`
	ProtocolAll  = `all`
)
View Source
const (
	// 规则表之间的顺序
	// raw → mangle → nat → filter
	// 规则表表
	TableFilter = `filter` // 过滤数据包。三个链:INPUT、FORWARD、OUTPUT
	TableNAT    = `nat`    // 用于网络地址转换(IP、端口)。 三个链:PREROUTING、POSTROUTING、OUTPUT
	TableMangle = `mangle` // 修改数据包的服务类型、TTL、并且可以配置路由实现QOS。五个链:PREROUTING、POSTROUTING、INPUT、OUTPUT、FORWARD
	TableRaw    = `raw`    // 决定数据包是否被状态跟踪机制处理。两个链:OUTPUT、PREROUTING
)
View Source
const (
	// 规则链之间的顺序
	// ● 入站: PREROUTING → INPUT
	// ● 出站: OUTPUT → POSTROUTING
	// ● 转发: PREROUTING → FORWARD → POSTROUTIN
	// 规则链
	ChainInput       = `INPUT`       // 进来的数据包应用此规则链中的策略
	ChainOutput      = `OUTPUT`      // 外出的数据包应用此规则链中的策略
	ChainForward     = `FORWARD`     // 转发数据包时应用此规则链中的策略
	ChainPreRouting  = `PREROUTING`  // 对数据包作路由选择前应用此链中的规则(所有的数据包进来的时侯都先由这个链处理)
	ChainPostRouting = `POSTROUTING` // 对数据包作路由选择后应用此链中的规则(所有的数据包出来的时侯都先由这个链处理)
)
View Source
const (
	StateNew         = `NEW`         // 新连接
	StateEstablished = `ESTABLISHED` // 后续对话连接
	StateRelated     = `RELATED`     // 关联到其他连接的连接
	StateInvalid     = `INVALID`     // 无效连接(没有任何状态)
	StateUntracked   = `UNTRACKED`   // 无法找到相关的连接
)
View Source
const (
	// 防火墙处理数据包的四种方式
	TargetAccept = `ACCEPT` // 允许数据包通过
	TargetDrop   = `DROP`   // 直接丢弃数据包,不给任何回应信息
	TargetReject = `REJECT` // 拒绝数据包通过,必要时会给数据发送端一个响应的信息
	TargetLog    = `LOG`    // 在 /var/log/messages 文件中记录日志信息,然后将数据包传递给下一条规则
)
View Source
const (
	RejectWithICMPPortUnreachable  = `icmp-port-unreachable` // default
	RejectWithICMPNetUnreachable   = `icmp-net-unreachable`
	RejectWithICMPHostUnreachable  = `icmp-host-unreachable`
	RejectWithICMPProtoUnreachable = `icmp-proto-unreachable`
	RejectWithICMPNetProhibited    = `icmp-net-prohibited`
	RejectWithICMPHostProhibited   = `icmp-host-prohibited`
	RejectWithICMPAdminProhibited  = `icmp-admin-prohibited`
)
View Source
const (
	TCPFlagALL = `ALL` // = SYN,ACK,FIN,RST,URG,PSH
	TCPFlagSYN = `SYN`
	TCPFlagACK = `ACK`
	TCPFlagFIN = `FIN`
	TCPFlagRST = `RST`
	TCPFlagURG = `URG`
	TCPFlagPSH = `PSH`
)
View Source
const (
	IPv4str          = `4`
	IPv6str          = `6`
	ZeroIPv4         = `0.0.0.0`
	ZeroIPv6         = `::`
	ZeroIPv4WithMask = ZeroIPv4 + `/0`
	ZeroIPv6WithMask = ZeroIPv6 + `/0`
	AnyInterface     = `*`
)

Variables

View Source
var (
	AllTCPFlags            = []string{TCPFlagSYN, TCPFlagACK, TCPFlagFIN, TCPFlagRST, TCPFlagURG, TCPFlagPSH}
	DefaultTCPFlagsWithACK = []string{TCPFlagALL, TCPFlagSYN + `,` + TCPFlagACK}
	DefaultTCPFlags        = []string{TCPFlagALL, TCPFlagSYN}
	DefaultTCPFlagsSimple  = []string{`--syn`} // = DefaultTCPFlags
)
View Source
var Actions = echo.NewKVData().
	Add(TargetAccept, `✅ 接受`).
	Add(TargetDrop, `🚮 丢弃`).
	Add(TargetReject, `🚫 拒绝`).
	Add(TargetLog, `📝 记录日志`)
View Source
var ChainParams = map[string][]string{
	ChainInput:       {`interface`, `localIp`, `localPort`, `outerface`, `remoteIp`, `remotePort`, `state`, `action`, `connLimit`, `rateLimit`, `rateBurst`, `rateExpires`},
	ChainOutput:      {`outerface`, `remoteIp`, `remotePort`, `state`, `action`},
	ChainForward:     {`interface`, `localIp`, `localPort`, `outerface`, `remoteIp`, `remotePort`, `state`, `action`},
	ChainPreRouting:  {`interface`, `localIp`, `localPort`},
	ChainPostRouting: {`outerface`, `remoteIp`, `remotePort`},
}
View Source
var Directions = echo.NewKVData().
	Add(ChainInput, `入站 (`+ChainInput+`)`).
	Add(ChainOutput, `出站 (`+ChainOutput+`)`).
	Add(ChainForward, `转发 (`+ChainForward+`)`).
	Add(ChainPreRouting, `路由之前 (`+ChainPreRouting+`)`).
	Add(ChainPostRouting, `路由之后 (`+ChainPostRouting+`)`)
View Source
var IPProtocols = echo.NewKVData().
	Add(IPv4str, `IPv4`).
	Add(IPv6str, `IPv6`)
View Source
var InputIfaceChainList = []string{ChainPreRouting, ChainInput, ChainForward} // PREROUTING、INPUT、FORWARD
View Source
var NetProtocols = echo.NewKVData().
	Add(ProtocolTCP, `TCP`).
	Add(ProtocolUDP, `UDP`).
	Add(ProtocolICMP, `ICMP`).
	Add(ProtocolAll, `不限`)
View Source
var OutputIfaceChainList = []string{ChainOutput, ChainForward, ChainPostRouting} // FORWARD、OUTPUT、POSTROUTING
View Source
var Types = echo.NewKVData().
	Add(TableFilter, `过滤器 (Filter)`).
	Add(TableNAT, `网络地址转换器 (NAT)`)

Functions

func IsEmptyIP

func IsEmptyIP(ip string) bool

func IsEmptyIface

func IsEmptyIface(iface string) bool

func IsEmptyPort added in v1.3.7

func IsEmptyPort(port string) bool

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL