Documentation
Constants
const BUFSIZE = 16
BUFSIZE is the max buffer size of the ring buffer in the parser.
Variables
This section is empty.
Functions
This section is empty.
Types
type Comment
type Comment struct {
Content string
}
Comment represents a comment in an iptables dump. Comments start with #.
type Counter
type Counter struct {
// contains filtered or unexported fields
}
Counter represents the packet and byte counters.
type DNSOrIP
type DNSOrIP struct {
// contains filtered or unexported fields
}
DNSOrIP represents either a DNS name or an IP address. IPs, as they are more specific, are preferred.
func NewDNSOrIP
NewDNSOrIP takes a string and returns a DNSOrIP, or an error. It first tries to parse the input as an IP; if that fails, it checks whether the input is a valid DNS name.
type DNSOrIPPair
DNSOrIPPair holds either an IP or a DNS name together with a flag. The boolean not-flag is set when the address or DNS name is negated with a "!" character.
func (DNSOrIPPair) Spec
func (d DNSOrIPPair) Spec(f string) []string
Spec returns the DNSOrIPPair in the form coreos' iptables package expects.
func (DNSOrIPPair) String
func (d DNSOrIPPair) String(f string) string
String returns this pair's part of the iptables rule. It requires its flag as a string to generate the correct output, e.g. "! -s 10.0.0.1/32".
type Flag
Flag is a flag, e.g. --dport 8080. It can be negated with a leading !. A flag is sometimes followed by several arguments.
type Header
type Header struct {
Content string
}
Header represents a header in an iptables dump; it introduces a new table. Headers start with *.
type Line
type Line interface {
String() string
}
Line represents a line in an iptables dump, e.g. one generated with iptables-save. It is either Comment, Header, Default or Rule.
func NewFromString
NewFromString takes a string and parses it until EOF or a newline, returning a Header, Policy or Rule. Otherwise it returns an error.
type Match
Match represents one match expression from the iptables extensions. See man iptables-extensions for more info.
type Parser
type Parser struct {
// contains filtered or unexported fields
}
Parser represents a parser.
type Policy
type Policy struct {
	Chain       string
	Action      string
	UserDefined *bool // nil if unknown
	Counter     *Counter
}
Policy represents a built-in policy. Policies can be parsed from iptables-save output, where they look like ":FORWARD DROP [0:100]" and start with :. They can also be parsed from "iptables -S" output, where they look like "-N|-P chain [target]"; in the latter case, UserDefined will be set. For user-defined policies, Action should be an empty string "" or "-".
type Rule
type Rule struct {
	Chain       string       // Name of the chain
	Source      *DNSOrIPPair // Will be nil, if -s flag was not set.
	Destination *DNSOrIPPair // Will be nil, if -d flag was not set.
	InInterf    *StringPair  // Will be nil, if -i flag was not set.
	OutInterf   *StringPair  // Will be nil, if -o flag was not set.
	Protocol    *StringPair  // Be aware that the protocol names can be different depending on your system.
	Fragment    *bool        // Will be nil, if flag was not set.
	IPv4        bool         // False, if flag was not set.
	IPv6        bool         // False, if flag was not set.
	Jump        *Target      // Will be nil, if -j flag was not set.
	Goto        *Target      // Will be nil, if -g flag was not set.
	Counter     *Counter     // Will be nil, if no counter was parsed.
	Matches     []Match      // Matches need to be a slice because order can matter. See man iptables-extensions.
}
Rule represents a rule in an iptables dump. Normally rules start with -A. The parser treats the -A flag like any other flag and thus does not require it to be the leading flag.
func NewRuleFromSpec
NewRuleFromSpec returns a rule from a given rulespec and chain name. It returns nil and an error if the rulespec does not resemble a valid rule, or contains unknown or unimplemented extensions.
func NewRuleFromString
NewRuleFromString returns a rule for the given string. It can only handle appended rules with the "-A <chain name>" flag. It returns nil and an error if the given string does not resemble a valid rule, or contains unknown or unimplemented extensions.
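The -A rule handling described for Rule and NewRuleFromString, as an added example that is not the package's own code: a self-contained Go sketch that parses the -A, -s, -d, -i, -p and -j subset with the "!" not-flag, and rejects unknown flags, rules without -A and flags missing their argument. Pair, Rule and ParseRule are this example's own names; nil means the flag was not set.

```go
package main

import (
	"fmt"
	"strings"
)

// Pair is a flag argument plus its not-flag, like the page's DNSOrIPPair and StringPair.
type Pair struct {
	Value string
	Not   bool
}

// Rule holds the subset of fields this example parses; nil means the flag was not set.
type Rule struct {
	Chain, Jump                             string
	Source, Destination, InInterf, Protocol *Pair
}

// ParseRule parses a line like "-A INPUT ! -s 10.0.0.1/32 -p tcp -j DROP"; as the page says of NewRuleFromString, it requires -A and rejects flags it does not implement.
func ParseRule(line string) (*Rule, error) {
	r := &Rule{}
	pairs := map[string]**Pair{"-s": &r.Source, "-d": &r.Destination, "-i": &r.InInterf, "-p": &r.Protocol}
	for i, fields := 0, strings.Fields(line); i < len(fields); {
		not := fields[i] == "!" // a "!" negates the flag that follows it
		if not {
			i++
		}
		if i+1 >= len(fields) { // a flag (or a dangling "!") without its argument
			return nil, fmt.Errorf("incomplete rule %q", line)
		}
		flag, arg := fields[i], fields[i+1]
		i += 2
		switch flag {
		case "-A": // -A need not be the leading flag
			r.Chain = arg
		case "-j":
			r.Jump = arg
		case "-s", "-d", "-i", "-p":
			*pairs[flag] = &Pair{Value: arg, Not: not}
		default:
			return nil, fmt.Errorf("unknown or unimplemented flag %q", flag)
		}
	}
	if r.Chain == "" {
		return nil, fmt.Errorf("rule %q has no -A <chain>", line)
	}
	return r, nil
}
```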
type StringPair
StringPair is a string with a flag. It is used to represent flags that specify a string value and can be negated with a "!".
func (StringPair) Spec
func (sp StringPair) Spec(f string) []string
Spec returns the StringPair in the form coreos' iptables package expects.
func (StringPair) String
func (sp StringPair) String(f string) string