Package iptables provides an interface and implementations for running iptables commands.



    // LockfilePath16x is the path of the xtables lock file. The "16x" suffix
    // suggests this is the location used by iptables 1.6.x — confirm against callers.
    const LockfilePath16x = "/run/xtables.lock"
    // MinCheckVersion is the lowest iptables version that supports the
    // -C / --check flag (test whether a rule exists).
    const MinCheckVersion = "1.4.11"

      Versions of iptables older than this do not support the -C / --check flag (which tests whether a rule already exists).

      // WaitMinVersion is the lowest iptables version that supports the -w flag
      // (wait for the xtables lock instead of failing when it is held).
      const WaitMinVersion = "1.4.20"

        Minimum iptables versions supporting the -w flag (WaitMinVersion) and the -w<seconds> form (WaitSecondsMinVersion).

        // WaitSecondsMinVersion is the lowest iptables version that supports the
        // -w<seconds> form, i.e. a bounded wait for the xtables lock.
        const WaitSecondsMinVersion = "1.4.22"
        // WaitSecondsValue is the wait time, in seconds, used with the -w<seconds>
        // form; presumably appended to WaitString on versions that support it — confirm.
        const WaitSecondsValue = "5"
        // WaitString is the -w flag passed to iptables so that it waits for the
        // xtables lock rather than failing when another process holds it.
        const WaitString = "-w"




        func GetChainLines

        func GetChainLines(table Table, save []byte) map[Chain][]byte

          GetChainLines parses a table's iptables-save data to find the chains in that table. It returns a map from Chain to []byte, where the []byte is the chain line from save (including counters etc.). Note that, to avoid allocations, the returned []byte values SHARE memory with save: the caller must not modify or reuse save while the map values are in use.

          func IsNotFoundError

          func IsNotFoundError(err error) bool

            IsNotFoundError returns true if the error indicates "not found". It matches the error string against known iptables messages, which is imperfect (it depends on the exact wording of iptables' error output) but works in practice.

            func MakeChainLine

            func MakeChainLine(chain Chain) string

              MakeChainLine returns an iptables-save/iptables-restore formatted chain line for the given Chain.


              type Chain

              // Chain is the name of an iptables chain, e.g. one of the ChainXxx
              // constants below.
              type Chain string
              const (
              	ChainPostrouting Chain = "POSTROUTING"
              	ChainPrerouting  Chain = "PREROUTING"
              	ChainOutput      Chain = "OUTPUT"
              	ChainInput       Chain = "INPUT"
              	ChainForward     Chain = "FORWARD"

              type FlushFlag

              // FlushFlag selects whether Restore/RestoreAll flush the table before
              // applying the restore data; see FlushTables and NoFlushTables.
              type FlushFlag bool

                Option flag for the flush parameter of Restore and RestoreAll (see FlushTables and NoFlushTables).

                // FlushTables requests that the table be flushed before the restore data is applied.
                const FlushTables FlushFlag = true
                // NoFlushTables keeps existing rules (the --noflush behaviour) and only applies the restore data.
                const NoFlushTables FlushFlag = false

                type Interface

                type Interface interface {
                	// GetVersion returns the "X.Y.Z" version string for iptables.
                	GetVersion() (string, error)
                	// EnsureChain checks if the specified chain exists and, if not, creates it.  If the chain existed, return true.
                	EnsureChain(table Table, chain Chain) (bool, error)
                	// FlushChain clears the specified chain.  If the chain did not exist, return error.
                	FlushChain(table Table, chain Chain) error
                	// DeleteChain deletes the specified chain.  If the chain did not exist, return error.
                	DeleteChain(table Table, chain Chain) error
                	// EnsureRule checks if the specified rule is present and, if not, creates it.  If the rule existed, return true.
                	EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error)
                	// DeleteRule checks if the specified rule is present and, if so, deletes it.
                	DeleteRule(table Table, chain Chain, args ...string) error
                	// IsIpv6 returns true if this is managing ipv6 tables
                	IsIpv6() bool
                	// SaveInto calls `iptables-save` for table and stores result in a given buffer.
                	SaveInto(table Table, buffer *bytes.Buffer) error
                	// Restore runs `iptables-restore` passing data through []byte.
                	// table is the Table to restore
                	// data should be formatted like the output of SaveInto()
                	// flush sets the presence of the "--noflush" flag. see: FlushFlag
                	// counters sets the "--counters" flag. see: RestoreCountersFlag
                	Restore(table Table, data []byte, flush FlushFlag, counters RestoreCountersFlag) error
                	// RestoreAll is the same as Restore except that no table is specified.
                	RestoreAll(data []byte, flush FlushFlag, counters RestoreCountersFlag) error
                	// AddReloadFunc adds a function to call on iptables reload
                	AddReloadFunc(reloadFunc func())
                	// Destroy cleans up resources used by the Interface

                  Interface is an injectable interface for running iptables commands. Implementations must be safe for concurrent use by multiple goroutines.

                  func New

                  func New(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol) Interface

                    New returns a new Interface that runs iptables commands through the given exec implementation for the given Protocol.

                    type Protocol

                    // Protocol selects the IP family (IPv4 or IPv6) that an Interface
                    // manages; see ProtocolIpv4 and Interface.IsIpv6.
                    type Protocol byte
                    const (
                    	ProtocolIpv4 Protocol = iota + 1

                    type RestoreCountersFlag

                    // RestoreCountersFlag selects whether Restore/RestoreAll pass the
                    // --counters flag; see RestoreCounters and NoRestoreCounters.
                    type RestoreCountersFlag bool

                      Option flag for the counters parameter of Restore and RestoreAll (see RestoreCounters and NoRestoreCounters).

                      // NoRestoreCounters omits the --counters flag, so packet/byte counters are not restored.
                      const NoRestoreCounters RestoreCountersFlag = false
                      // RestoreCounters passes the --counters flag so counters in the restore data are applied.
                      const RestoreCounters RestoreCountersFlag = true

                      type RulePosition

                      // RulePosition is the iptables flag EnsureRule uses to place a new rule:
                      // Prepend (-I, insert at the head of the chain) or Append (-A).
                      type RulePosition string
                      const (
                      	Prepend RulePosition = "-I"
                      	Append  RulePosition = "-A"

                      type Table

                      // Table names an iptables table; see TableNAT, TableFilter and TableMangle.
                      type Table string
                      const (
                      	TableNAT    Table = "nat"
                      	TableFilter Table = "filter"
                      	TableMangle Table = "mangle"

