iptsave

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 12, 2017 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

IPTsave is a library that provides IPtables type that can read iptables-save output and create a tokenized representation of it. Also it can render current tree into output suiteable for iptables-restore.

Provides a Lexer struct that extracts tokens from iptables-save output.

Provides a definition of Item for the Lexer.

Index

Constants

This section is empty.

Variables

View Source 
var BuiltinChains = []string{"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}

Functions

This section is empty.

Types

type ActionType 

type ActionType int
const (
	ActionDefault ActionType = iota
	ActionOther
)

type IPchain 

type IPchain struct {
	Name        string
	Policy      string
	Counters    string
	Rules       []*IPrule
	RenderState RenderState
}

IPchain represents a chain in iptables.

func MergeTables 

func MergeTables(dstTable, srcTable *IPtable) []*IPchain

MergeTables merges source IPtable into destination IPtable, returns a list of chains with only rules from source table that were propagated into destination table.

func ParseRule 

func ParseRule(input io.Reader) *IPchain

ParseRule takes single iptables rule and returns new IPchain with single IPrule.

func (*IPchain) AppendRule 

func (ic *IPchain) AppendRule(rule *IPrule)

AppendRule appends new rule to the chain.

func (*IPchain) DeleteRule 

func (ic *IPchain) DeleteRule(rule *IPrule)

DeleteRule appends new rule to the chain and sets rule render state to Delete.

func (*IPchain) InsertRule 

func (ic *IPchain) InsertRule(index int, rule *IPrule)

InsertRule inserts new rule into the chain at given index. If index is larger then size of rules slice, this method will append the rule.

func (IPchain) IsBuiltin 

func (ic IPchain) IsBuiltin() bool

IsBuiltin returns true if chain is one of builtin chains.

func (IPchain) RenderFooter 

func (ic IPchain) RenderFooter() string

RenderFooter returns string representation of the rules in the chain e.g. -A MYCHAIN <match> -j <action> -D MYCHAIN <othermatch> -j <otheraction)

func (IPchain) RenderHeader 

func (ic IPchain) RenderHeader() string

RenderHeader returns string representation of chains header e.g. :MYCHAIN ACCEPT [0:0]

func (IPchain) RuleInChain 

func (ic IPchain) RuleInChain(rule *IPrule) bool

RuleInChain tests if the chain contains given rule.

func (IPchain) String 

func (ic IPchain) String() string

type IPrule 

type IPrule struct {
	RenderState RenderState

	// From iptables man page.
	// rule-specification = [matches...] [target]
	// match = -m matchname [per-match-options]
	Match  []*Match
	Action IPtablesAction
}

IPrule represents a rule in iptables.

func DiffRules 

func DiffRules(dstRules, srcRules []*IPrule) (uniqDest, uniqSrc, common []*IPrule)

DiffRules compares 2 lists of iptables rules and returns 3 new lists, 1. return argument, rules that only found in first list 2. return argument, rules that only found in second list 3. return argumant, rules that found in bouth input lists

func MergeChains 

func MergeChains(dstChain, srcChain *IPchain) []*IPrule

MergeChains merges source IPchain into destination IPchain, returns a list of rules that were added.

func MergeUserChains 

func MergeUserChains(dstChain, srcChain *IPchain) []*IPrule

MergeUserChains merges rules from the source chain into the destination chain produces list of rules that combines rules from both chains with order preserved as much as possible.

func (IPrule) String 

func (ir IPrule) String() string

type IPtable 

type IPtable struct {
	Name   string
	Chains []*IPchain
}

IPtable represents table in iptables.

func (*IPtable) ChainByName 

func (i *IPtable) ChainByName(name string) *IPchain

ChainByName looks for IPchain with corresponding name and returns a pointer to it.

func (IPtable) RenderFooter 

func (it IPtable) RenderFooter() string

Renders footer of iptables table.

func (IPtable) RenderHeader 

func (it IPtable) RenderHeader() string

Renders header of iptables table.

func (IPtable) String 

func (it IPtable) String() string

type IPtables 

type IPtables struct {
	Tables []*IPtable
	// contains filtered or unexported fields
}

IPtables represents iptables configuration.

func (*IPtables) Parse 

func (i *IPtables) Parse(input io.Reader)

Parse prepares input stream, initializes lexer and launches a parse loop.

func (*IPtables) Render 

func (i *IPtables) Render() string

Render produces iptables-restore compatible representation of current structure.

func (*IPtables) TableByName 

func (i *IPtables) TableByName(name string) *IPtable

TableByName returns pointer to the IPtable with corresponding name. e.g. iptables "filter" table.

type IPtablesAction 

type IPtablesAction struct {
	Type ActionType
	Body string
}

IPtablesAction represents an action in iptables rule. e.g. "-j DROP" 

"-j DNAT --to-destination 1.2.3.4"

func (IPtablesAction) String 

func (ia IPtablesAction) String() string

type IPtablesComment 

type IPtablesComment string

IPtablesComment represents a comment in iptables.

type Item 

type Item struct {
	Type ItemType
	Body string
}

type ItemType 

type ItemType int
const (
	ItemError ItemType = iota
	ItemEOF
)

func (ItemType) String 

func (i ItemType) String() string

type Lexer 

type Lexer struct {
	// contains filtered or unexported fields
}

Lexer extracts iptables lexical items from the input stream.

func NewLexer 

func NewLexer(input *bufio.Reader) *Lexer

Returns new iptables Lexer

func (*Lexer) NextItem 

func (l *Lexer) NextItem() Item

NextItem returns next item from input stream.

type Match 

type Match struct {
	Negated bool
	Body    string
}

Match is a string representation of a simple boolean expressio in iptables terms. e.g. "-o eth1" 

"-m comment --comment HelloWorld"
"! -p tcp --dport 80"

func (Match) String 

func (m Match) String() string

type RenderState 

type RenderState int
const (
	RenderAppendRule RenderState = 0
	RenderDeleteRule RenderState = 1
)

func (RenderState) String 

func (r RenderState) String() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.