iptsave

package

v2.0.2+incompatible Latest Latest Go to latest Published: Feb 7, 2018 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

Documentation ¶

Overview ¶

IPTsave is a library that provides IPtables type that can read iptables-save output and create a tokenized representation of it. Also it can render current tree into output suiteable for iptables-restore.

Provides a Lexer struct that extracts tokens from iptables-save output.

Provides a definition of Item for the Lexer.

Index ¶

Variables
type ActionType
type IPchain
- func MergeTables(dstTable, srcTable *IPtable) []*IPchain
- func ParseRule(input io.Reader) *IPchain
- func (ic *IPchain) AppendRule(rule *IPrule)
- func (ic *IPchain) DeleteRule(rule *IPrule)
- func (ic *IPchain) InsertRule(index int, rule *IPrule)
- func (ic IPchain) IsBuiltin() bool
- func (ic IPchain) RenderFooter() string
- func (ic IPchain) RenderHeader() string
- func (ic IPchain) RuleInChain(rule *IPrule) bool
- func (ic IPchain) String() string
type IPrule
- func DiffRules(dstRules, srcRules []*IPrule) (uniqDest, uniqSrc, common []*IPrule)
- func MergeChains(dstChain, srcChain *IPchain) []*IPrule
- func MergeUserChains(dstChain, srcChain *IPchain) []*IPrule
- func (ir IPrule) String() string
type IPtable
- func (i *IPtable) ChainByName(name string) *IPchain
- func (it IPtable) RenderFooter() string
- func (it IPtable) RenderHeader() string
- func (it IPtable) String() string
type IPtables
- func (i *IPtables) Parse(input io.Reader)
- func (i *IPtables) Render() string
- func (i *IPtables) TableByName(name string) *IPtable
type IPtablesAction
- func (ia IPtablesAction) String() string
type IPtablesComment
type Item
type ItemType
- func (i ItemType) String() string
type Lexer
- func NewLexer(input *bufio.Reader) *Lexer
- func (l *Lexer) NextItem() Item
type Match
- func (m Match) String() string
type RenderState
- func (r RenderState) String() string

Constants ¶

This section is empty.

Variables ¶

View Source

var BuiltinChains = []string{"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}

Functions ¶

This section is empty.

Types ¶

type ActionType ¶

type ActionType int

const (
	ActionDefault ActionType = iota
	ActionOther
)

type IPchain ¶

type IPchain struct {
	Name        string
	Policy      string
	Counters    string
	Rules       []*IPrule
	RenderState RenderState
}

IPchain represents a chain in iptables.

func MergeTables ¶

func MergeTables(dstTable, srcTable *IPtable) []*IPchain

MergeTables merges source IPtable into destination IPtable, returns a list of chains with only rules from source table that were propagated into destination table.

func ParseRule ¶

func ParseRule(input io.Reader) *IPchain

ParseRule takes single iptables rule and returns new IPchain with single IPrule.

func (*IPchain) AppendRule ¶

func (ic *IPchain) AppendRule(rule *IPrule)

AppendRule appends new rule to the chain.

func (*IPchain) DeleteRule ¶

func (ic *IPchain) DeleteRule(rule *IPrule)

DeleteRule appends new rule to the chain and sets rule render state to Delete.

func (*IPchain) InsertRule ¶

func (ic *IPchain) InsertRule(index int, rule *IPrule)

InsertRule inserts new rule into the chain at given index. If index is larger then size of rules slice, this method will append the rule.

func (IPchain) IsBuiltin ¶

func (ic IPchain) IsBuiltin() bool

IsBuiltin returns true if chain is one of builtin chains.

func (IPchain) RenderFooter ¶

func (ic IPchain) RenderFooter() string

RenderFooter returns string representation of the rules in the chain e.g. -A MYCHAIN <match> -j <action> -D MYCHAIN <othermatch> -j <otheraction)

func (IPchain) RenderHeader ¶

func (ic IPchain) RenderHeader() string

RenderHeader returns string representation of chains header e.g. :MYCHAIN ACCEPT [0:0]

func (IPchain) RuleInChain ¶

func (ic IPchain) RuleInChain(rule *IPrule) bool

RuleInChain tests if the chain contains given rule.

func (IPchain) String ¶

func (ic IPchain) String() string

type IPrule ¶

type IPrule struct {
	RenderState RenderState

	// From iptables man page.
	// rule-specification = [matches...] [target]
	// match = -m matchname [per-match-options]
	Match  []*Match
	Action IPtablesAction
}

IPrule represents a rule in iptables.

func DiffRules ¶

func DiffRules(dstRules, srcRules []*IPrule) (uniqDest, uniqSrc, common []*IPrule)

DiffRules compares 2 lists of iptables rules and returns 3 new lists, 1. return argument, rules that only found in first list 2. return argument, rules that only found in second list 3. return argumant, rules that found in bouth input lists

func MergeChains ¶

func MergeChains(dstChain, srcChain *IPchain) []*IPrule

MergeChains merges source IPchain into destination IPchain, returns a list of rules that were added.

func MergeUserChains ¶

func MergeUserChains(dstChain, srcChain *IPchain) []*IPrule

MergeUserChains merges rules from the source chain into the destination chain produces list of rules that combines rules from both chains with order preserved as much as possible.

func (IPrule) String ¶

func (ir IPrule) String() string

type IPtable ¶

type IPtable struct {
	Name   string
	Chains []*IPchain
}

IPtable represents table in iptables.

func (*IPtable) ChainByName ¶

func (i *IPtable) ChainByName(name string) *IPchain

ChainByName looks for IPchain with corresponding name and returns a pointer to it.

func (IPtable) RenderFooter ¶

func (it IPtable) RenderFooter() string

Renders footer of iptables table.

func (IPtable) RenderHeader ¶

func (it IPtable) RenderHeader() string

Renders header of iptables table.

func (IPtable) String ¶

func (it IPtable) String() string

type IPtables ¶

type IPtables struct {
	Tables []*IPtable
	// contains filtered or unexported fields
}

IPtables represents iptables configuration.

func (*IPtables) Parse ¶

func (i *IPtables) Parse(input io.Reader)

Parse prepares input stream, initializes lexer and launches a parse loop.

func (*IPtables) Render ¶

func (i *IPtables) Render() string

Render produces iptables-restore compatible representation of current structure.

func (*IPtables) TableByName ¶

func (i *IPtables) TableByName(name string) *IPtable

TableByName returns pointer to the IPtable with corresponding name. e.g. iptables "filter" table.

type IPtablesAction ¶

type IPtablesAction struct {
	Type ActionType
	Body string
}

IPtablesAction represents an action in iptables rule. e.g. "-j DROP"

"-j DNAT --to-destination 1.2.3.4"

func (IPtablesAction) String ¶

func (ia IPtablesAction) String() string

type IPtablesComment ¶

type IPtablesComment string

IPtablesComment represents a comment in iptables.

type Item ¶

type Item struct {
	Type ItemType
	Body string
}

type ItemType ¶

type ItemType int

const (
	ItemError ItemType = iota
	ItemEOF
)

func (ItemType) String ¶

func (i ItemType) String() string

type Lexer ¶

type Lexer struct {
	// contains filtered or unexported fields
}

Lexer extracts iptables lexical items from the input stream.

func NewLexer ¶

func NewLexer(input *bufio.Reader) *Lexer

Returns new iptables Lexer

func (*Lexer) NextItem ¶

func (l *Lexer) NextItem() Item

NextItem returns next item from input stream.

type Match ¶

type Match struct {
	Negated bool
	Body    string
}

Match is a string representation of a simple boolean expressio in iptables terms. e.g. "-o eth1"

"-m comment --comment HelloWorld"
"! -p tcp --dport 80"

func (Match) String ¶

func (m Match) String() string

type RenderState ¶

type RenderState int

const (
	RenderAppendRule RenderState = 0
	RenderDeleteRule RenderState = 1
)

func (RenderState) String ¶

func (r RenderState) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
iptablesSave

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL