iptablesmanager

Documentation

Index

• Constants
• func AreIP6TablesSupported() bool
• type CommandRunner
• type ExecCommandRunner
  • func (ExecCommandRunner) RunCommand(command string, args string) (string, error)
• type FwRule
  • func NewFwRule(chain iptablesChain, version IpVersion, params string, priority RulePriority) FwRule
  • func (f FwRule) ToDeleteCommand() string
  • func (f FwRule) ToInsertAppendCommand(index int) string
• type IPTablesManager
  • func NewIPTablesManager(cmdRunner CommandRunner, enabled bool, ip6tablesSupported bool) IPTablesManager
  • func (i IPTablesManager) DeleteRule(rule FwRule) error
  • func (i IPTablesManager) InsertRule(rule FwRule) error
• type IpVersion
• type RulePriority

Constants

const (
	Input  iptablesChain = iota
	Output               = iota
)

Functions

func AreIP6TablesSupported

func AreIP6TablesSupported() bool

nolint:unused // Will be used once FirewallManager is integrated

Types

type CommandRunner

type CommandRunner interface {
	RunCommand(string, string) (string, error)
}

CommandRunner is an abstraction over linux command execution.

type ExecCommandRunner

type ExecCommandRunner struct {
}

ExecCommandRunner is implementation of CommandRunner that facilitates commands execution with Exec calls. nolint:unused // Will be used once FirewallManager is integrated

func (ExecCommandRunner) RunCommand

func (ExecCommandRunner) RunCommand(command string, args string) (string, error)

nolint:unused // Will be used once FirewallManager is integrated

type FwRule

type FwRule struct {
	// contains filtered or unexported fields
}

func NewFwRule

func NewFwRule(chain iptablesChain, version IpVersion, params string, priority RulePriority) FwRule

NewFwRule returns a new representation of iptables rule.

Args:

chain - chain in which rule should be inserted
version - version of iptables command which should be used to execute the rule, can be ipv4, ipv6 or both
params - rest of the params, need to be valid iptables command arguments separated by spaces
priority - priority at which rule should be inserted

func (FwRule) ToDeleteCommand

func (f FwRule) ToDeleteCommand() string

func (FwRule) ToInsertAppendCommand

func (f FwRule) ToInsertAppendCommand(index int) string

ToInsertAppendCommand returns the FwRule converted to insert command(-I <CHAIN> <ARGS>) or append command if index is -1.

type IPTablesManager

type IPTablesManager struct {
	// contains filtered or unexported fields
}

IPTablesManager manages priority and execution of firewall rules with iptables.

func NewIPTablesManager

func NewIPTablesManager(cmdRunner CommandRunner, enabled bool, ip6tablesSupported bool) IPTablesManager

func (IPTablesManager) DeleteRule

func (i IPTablesManager) DeleteRule(rule FwRule) error

func (IPTablesManager) InsertRule

func (i IPTablesManager) InsertRule(rule FwRule) error

type IpVersion

type IpVersion int

IpVersion determines which version of iptables command should be used, i.e iptables, ip6tables or both

const (
	IPv4 IpVersion = iota
	IPv6
	Both
)

type RulePriority

type RulePriority int

RulePriority determines a line in iptables where rule should be inserted. In iptables, rules are numbered in descending order, with rule with lower line number taking precedence over following rules. Higher priority will result in lower line number.