Documentation
Index
- func AddRules(rules []Rule, isAppend bool) error
- func DelRules(rules []Rule) error
- func RestoreRulesFiltered(rules []Rule, filter map[string]map[string]struct{}) error
- type Controller
- func (c *Controller) DeleteRule(table iptables.Table, chain iptables.Chain, proto iptables.Protocol, ...) error
- func (c *Controller) EnsureRule(table iptables.Table, chain iptables.Chain, proto iptables.Protocol, ...) error
- func (c *Controller) GetChainRuleArgs(table iptables.Table, chain iptables.Chain, proto iptables.Protocol) ([]RuleArg, error)
- func (c *Controller) GetIPv4ChainRuleArgs(table iptables.Table, chain iptables.Chain) ([]RuleArg, error)
- func (c *Controller) GetIPv6ChainRuleArgs(table iptables.Table, chain iptables.Chain) ([]RuleArg, error)
- func (c *Controller) OwnChain(table iptables.Table, chain iptables.Chain, proto iptables.Protocol) error
- func (c *Controller) Run(stopCh <-chan struct{}, syncPeriod time.Duration)
- type Rule
- type RuleArg
Functions
func RestoreRulesFiltered
RestoreRulesFiltered adds the given rules to iptables. filter is a map[table][chain] of the valid tables and chains, used to filter the rules to be added. If no rule exists for a chain in the filter, that chain is still restored as empty.
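An added example, not this package's own code, modelling the filter semantics described above as iptables-restore input. The `rule` struct, `sortedKeys`, `buildRestorePayload`, the chain names, and the use of the iptables-restore text format are assumptions; the page does not show the fields of Rule or how the package applies the rules.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// rule is a hypothetical stand-in; the page does not show the fields of Rule.
type rule struct {
	Table, Chain string
	Args         []string
}

// sortedKeys returns the keys of m in a stable order.
func sortedKeys[V any](m map[string]V) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// buildRestorePayload renders iptables-restore input for the chains named in
// filter (map[table][chain]) and drops every rule outside the filter.
func buildRestorePayload(rules []rule, filter map[string]map[string]struct{}) string {
	var b strings.Builder
	for _, t := range sortedKeys(filter) {
		fmt.Fprintf(&b, "*%s\n", t)
		for _, c := range sortedKeys(filter[t]) {
			// Declared even with no rules, so the chain is restored as empty.
			fmt.Fprintf(&b, ":%s - [0:0]\n", c) // "-" policy: user-defined chain
		}
		for _, r := range rules {
			if _, ok := filter[t][r.Chain]; ok && r.Table == t {
				fmt.Fprintf(&b, "-A %s %s\n", r.Chain, strings.Join(r.Args, " "))
			}
		}
		b.WriteString("COMMIT\n")
	}
	return b.String()
}

func main() {
	// Constructed input: OTHER is outside the filter, EXAMPLE-OUT has no rules.
	rules := []rule{{"filter", "EXAMPLE-IN", []string{"-j", "ACCEPT"}}, {"filter", "OTHER", []string{"-j", "DROP"}}}
	filter := map[string]map[string]struct{}{"filter": {"EXAMPLE-IN": {}, "EXAMPLE-OUT": {}}}
	fmt.Print(buildRestorePayload(rules, filter))
}
```

The empty declaration for a filtered chain is what clears stale rules left behind by an earlier configuration, which is why a chain with no submitted rules must still appear in the output.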
Types
type Controller
type Controller struct {
// contains filtered or unexported fields
}
Controller manages iptables for clients.
func NewController
func NewController() *Controller
NewController creates a controller to manage chains and rules. It provides functionality to "own" a chain, which allows consumers to ensure that only the rules submitted to the controller persist and that unmanaged rules are removed. If a chain is unowned, then only the rules that are submitted persist.
func (*Controller) DeleteRule
func (c *Controller) DeleteRule(table iptables.Table, chain iptables.Chain, proto iptables.Protocol, ruleArg RuleArg) error
DeleteRule deletes an iptables rule.
func (*Controller) EnsureRule
func (c *Controller) EnsureRule(table iptables.Table, chain iptables.Chain, proto iptables.Protocol, ruleArg RuleArg) error
EnsureRule adds an iptables rule that will persist until deleted.
func (*Controller) GetChainRuleArgs
func (*Controller) GetIPv4ChainRuleArgs
func (c *Controller) GetIPv4ChainRuleArgs(table iptables.Table, chain iptables.Chain) ([]RuleArg, error)
GetIPv4ChainRuleArgs returns IPv4 RuleArgs.
func (*Controller) GetIPv6ChainRuleArgs
func (c *Controller) GetIPv6ChainRuleArgs(table iptables.Table, chain iptables.Chain) ([]RuleArg, error)
GetIPv6ChainRuleArgs returns IPv6 RuleArgs.
func (*Controller) OwnChain
func (c *Controller) OwnChain(table iptables.Table, chain iptables.Chain, proto iptables.Protocol) error
OwnChain ensures that this chain exists and that this component exclusively owns the rules within it. Any rules in this chain that we do not manage will be removed.
func (*Controller) Run
func (c *Controller) Run(stopCh <-chan struct{}, syncPeriod time.Duration)