fwset

package module
v0.3.0
Published: Apr 13, 2025 License: Apache-2.0 Imports: 3 Imported by: 0

README

fwset

Firewall set operations

Firewalls supported

  • nftables
  • ipset

Example: nftables

$ nft list ruleset
table inet filter {
    chain input {
	type filter hook input priority filter; policy accept;
    }

    chain forward {
	type filter hook forward priority filter; policy accept;
    }

    chain output {
	type filter hook output priority filter; policy accept;
    }
}

$ ./fwset create
fwset v0.3.0
Sets created

$ ./fwset --accept add 10.10.10.0/24
fwset v0.3.0
Network added

$ ./fwset add 11.11.13.2-11.11.13.16 11.11.12.2/24 11.11.11.11
fwset v0.3.0
Network added

$ nft list table myfirewall
table ip myfirewall {
    set allowed_nets {
	type ipv4_addr
	flags interval
	elements = { 10.10.10.0/24 }
    }

    set blocked_nets {
	type ipv4_addr
	flags interval
	elements = { 11.11.11.11, 11.11.12.0/24,
	         11.11.13.2-11.11.13.16 }
    }

    chain input {
	type filter hook input priority filter; policy accept;
	ip saddr @allowed_nets counter packets 0 bytes 0 log accept
	ip saddr @blocked_nets counter packets 0 bytes 0 log drop
    }
}

Rule order matters here: a source address that appears in both sets matches the allowed_nets rule first and is accepted. Because the chain policy is accept, traffic from addresses in neither set is accepted as well; only sources in blocked_nets are dropped.

$ ./fwset del 11.11.13.2-11.11.13.16
fwset v0.3.0
Network removed

$ nft list table myfirewall
table ip myfirewall {
    set allowed_nets {
	type ipv4_addr
	flags interval
	elements = { 10.10.10.0/24 }
    }

    set blocked_nets {
	type ipv4_addr
	flags interval
	elements = { 11.11.11.11, 11.11.12.0/24 }
    }

    chain input {
	type filter hook input priority filter; policy accept;
	ip saddr @allowed_nets counter packets 0 bytes 0 log accept
	ip saddr @blocked_nets counter packets 0 bytes 0 log drop
    }
}

$ ./fwset destroy
fwset v0.3.0
Sets destroyed

$ nft list ruleset
table inet filter {
    chain input {
	type filter hook input priority filter; policy accept;
    }

    chain forward {
	type filter hook forward priority filter; policy accept;
    }

    chain output {
	type filter hook output priority filter; policy accept;
    }
}

Documentation

Index

Constants

This section is empty.

Variables

var ErrNotImplemented = errors.New("not implemented")

ErrNotImplemented is returned when attempting to initialize a firewall type that is not implemented.

Functions

This section is empty.

Types

type Config

type Config struct {
	FW string `choice:"nft" choice:"ipset" default:"nft" description:"Firewall type" env:"FW" long:"fw"`
	config.Config
}

Config holds the firewall type and the settings common to all firewalls.

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall holds the methods that are proxied to the underlying firewall.

func New

func New(cfg Config) (*Firewall, error)

New returns a firewall instance.

func (*Firewall) Add added in v0.3.0

func (fw *Firewall) Add(accept bool, networks []string) error

func (*Firewall) Create added in v0.3.0

func (fw *Firewall) Create() error

func (*Firewall) Destroy added in v0.3.0

func (fw *Firewall) Destroy() error

func (*Firewall) List added in v0.3.0

func (fw *Firewall) List(accept bool) ([]string, error)

func (*Firewall) ModifyIP

func (fw *Firewall) ModifyIP(accept, add bool, networks []string) error

func (*Firewall) Remove added in v0.3.0

func (fw *Firewall) Remove(accept bool, networks []string) error

type NFTables

type NFTables interface {
	Create(accept bool) error
	ModifyIP(accept, add bool, networks []string) error
	Add(accept bool, networks []string) error
	Remove(accept bool, networks []string) error
	List(accept bool) ([]string, error)
	Destroy() error
}

NFTables describes the interface shared by all supported firewalls.
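The interface above is what every backend has to satisfy, and the README session shows the call order the CLI drives it through (Create, then Add/Remove, then Destroy). As an added example, not part of the fwset project, the block below implements that interface in memory so the sequence can be exercised offline: it validates every element in the three forms the README uses (single address, CIDR prefix, address range), normalizes prefixes the way nft prints them back (11.11.12.2/24 becomes 11.11.12.0/24), rejects anything that is not IPv4 because the sets are declared as type ipv4_addr, and treats each batch as all-or-nothing so one malformed element leaves the set untouched. The type name memFirewall, the helper normalizeNetwork and the error messages are assumptions of this example; the real nft and ipset backends are not shown on this page.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

// NFTables is the interface documented on this page, copied verbatim.
type NFTables interface {
	Create(accept bool) error
	ModifyIP(accept, add bool, networks []string) error
	Add(accept bool, networks []string) error
	Remove(accept bool, networks []string) error
	List(accept bool) ([]string, error)
	Destroy() error
}

// memFirewall is an in-memory stand-in (assumption of this example, not the
// project's backend). The accept flag selects the set as in the README:
// true -> allowed_nets, false -> blocked_nets. A missing map entry means the
// set has not been created.
type memFirewall struct {
	sets map[bool]map[string]struct{}
}

func newMemFirewall() *memFirewall {
	return &memFirewall{sets: map[bool]map[string]struct{}{}}
}

var _ NFTables = (*memFirewall)(nil) // compile-time interface check

func setName(accept bool) string {
	if accept {
		return "allowed_nets"
	}
	return "blocked_nets"
}

// normalizeNetwork validates one element (address, prefix or range) and returns
// the canonical form nft would display. Non-IPv4 input is rejected because the
// README declares both sets as type ipv4_addr.
func normalizeNetwork(s string) (string, error) {
	s = strings.TrimSpace(s)
	if lo, hi, isRange := strings.Cut(s, "-"); isRange {
		a, errA := netip.ParseAddr(lo)
		b, errB := netip.ParseAddr(hi)
		if errA != nil || errB != nil || !a.Is4() || !b.Is4() {
			return "", fmt.Errorf("range %q: both ends must be IPv4 addresses", s)
		}
		if b.Less(a) {
			return "", fmt.Errorf("range %q: end precedes start", s)
		}
		if a == b {
			return a.String(), nil
		}
		return a.String() + "-" + b.String(), nil
	}
	if strings.Contains(s, "/") {
		p, err := netip.ParsePrefix(s)
		if err != nil || !p.Addr().Is4() {
			return "", fmt.Errorf("prefix %q: must be an IPv4 CIDR", s)
		}
		p = p.Masked() // 11.11.12.2/24 -> 11.11.12.0/24, as nft prints it
		if p.Bits() == 32 {
			return p.Addr().String(), nil
		}
		return p.String(), nil
	}
	a, err := netip.ParseAddr(s)
	if err != nil || !a.Is4() {
		return "", fmt.Errorf("address %q: must be an IPv4 address", s)
	}
	return a.String(), nil
}

func (m *memFirewall) Create(accept bool) error {
	if _, ok := m.sets[accept]; ok {
		return fmt.Errorf("set %s already exists", setName(accept))
	}
	m.sets[accept] = map[string]struct{}{}
	return nil
}

// ModifyIP is the single entry point Add and Remove delegate to. The whole
// batch is validated (and, for removal, checked for presence) before anything
// is changed, mirroring the all-or-nothing semantics of an nft transaction.
func (m *memFirewall) ModifyIP(accept, add bool, networks []string) error {
	set, ok := m.sets[accept]
	if !ok {
		return fmt.Errorf("set %s does not exist; run Create first", setName(accept))
	}
	if len(networks) == 0 {
		return fmt.Errorf("no networks given")
	}
	canon := make([]string, 0, len(networks))
	for _, n := range networks {
		c, err := normalizeNetwork(n)
		if err != nil {
			return err
		}
		if _, present := set[c]; !add && !present {
			return fmt.Errorf("%s is not in %s", c, setName(accept))
		}
		canon = append(canon, c)
	}
	for _, c := range canon {
		if add {
			set[c] = struct{}{}
		} else {
			delete(set, c)
		}
	}
	return nil
}

func (m *memFirewall) Add(accept bool, networks []string) error {
	return m.ModifyIP(accept, true, networks)
}

func (m *memFirewall) Remove(accept bool, networks []string) error {
	return m.ModifyIP(accept, false, networks)
}

func (m *memFirewall) List(accept bool) ([]string, error) {
	set, ok := m.sets[accept]
	if !ok {
		return nil, fmt.Errorf("set %s does not exist", setName(accept))
	}
	out := make([]string, 0, len(set))
	for e := range set {
		out = append(out, e)
	}
	sort.Strings(out)
	return out, nil
}

func (m *memFirewall) Destroy() error {
	m.sets = map[bool]map[string]struct{}{}
	return nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// main replays the README session against the in-memory backend.
func main() {
	var fw NFTables = newMemFirewall()
	must(fw.Create(true))
	must(fw.Create(false))
	must(fw.Add(true, []string{"10.10.10.0/24"}))
	must(fw.Add(false, []string{"11.11.13.2-11.11.13.16", "11.11.12.2/24", "11.11.11.11"}))
	must(fw.Remove(false, []string{"11.11.13.2-11.11.13.16"}))
	for _, accept := range []bool{true, false} {
		elems, _ := fw.List(accept)
		fmt.Printf("%s = %v\n", setName(accept), elems)
	}
	// A batch containing a non-IPv4 element is rejected as a whole.
	fmt.Println("mixed batch:", fw.Add(false, []string{"192.0.2.1", "2001:db8::1"}))
}
```

Validating and canonicalizing elements before they reach the backend is the part worth keeping even with a real nft or ipset implementation: the CLI accepts user-supplied strings, and the set's declared type (ipv4_addr) is what decides which of them are legal.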

Directories

Path Synopsis
cmd
fwset command
config
package config holds the settings common to any firewall.
