iptables

package

v0.7.0 Latest Latest Go to latest Published: Jul 31, 2023 License: Apache-2.0 Imports: 11 Imported by: 516

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/coreos/go-iptables

Links

Open Source Insights

Documentation ¶

Index ¶

func IPFamily(proto Protocol) option
func Timeout(timeout int) option
type Error
type IPTables
- func New(opts ...option) (*IPTables, error)
- func NewWithProtocol(proto Protocol) (*IPTables, error)
type Protocol
type Stat
type Unlocker

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IPFamily ¶ added in v0.5.0

func IPFamily(proto Protocol) option

func Timeout ¶ added in v0.5.0

func Timeout(timeout int) option

Types ¶

type Error ¶

type Error struct {
	exec.ExitError
	// contains filtered or unexported fields
}

Adds the output of stderr to exec.ExitError

func (*Error) Error ¶

func (e *Error) Error() string

func (*Error) ExitStatus ¶

func (e *Error) ExitStatus() int

func (*Error) IsNotExist ¶ added in v0.3.0

func (e *Error) IsNotExist() bool

IsNotExist returns true if the error is due to the chain or rule not existing

type IPTables ¶

type IPTables struct {
	// contains filtered or unexported fields
}

func New ¶

func New(opts ...option) (*IPTables, error)

New creates a new IPTables configured with the options passed as parameter. For backwards compatibility, by default always uses IPv4 and timeout 0. i.e. you can create an IPv6 IPTables using a timeout of 5 seconds passing the IPFamily and Timeout options as follow:

ip6t := New(IPFamily(ProtocolIPv6), Timeout(5))

func NewWithProtocol ¶ added in v0.2.0

func NewWithProtocol(proto Protocol) (*IPTables, error)

New creates a new IPTables for the given proto. The proto will determine which command is used, either "iptables" or "ip6tables".

func (*IPTables) Append ¶

func (ipt *IPTables) Append(table, chain string, rulespec ...string) error

Append appends rulespec to specified table/chain

func (*IPTables) AppendUnique ¶

func (ipt *IPTables) AppendUnique(table, chain string, rulespec ...string) error

AppendUnique acts like Append except that it won't add a duplicate

func (*IPTables) ChainExists ¶ added in v0.5.0

func (ipt *IPTables) ChainExists(table, chain string) (bool, error)

'-S' is fine with non existing rule index as long as the chain exists therefore pass index 1 to reduce overhead for large chains

func (*IPTables) ChangePolicy ¶ added in v0.3.0

func (ipt *IPTables) ChangePolicy(table, chain, target string) error

ChangePolicy changes policy on chain to target

func (*IPTables) ClearAll ¶ added in v0.6.0

func (ipt *IPTables) ClearAll() error

func (*IPTables) ClearAndDeleteChain ¶ added in v0.5.0

func (ipt *IPTables) ClearAndDeleteChain(table, chain string) error

func (*IPTables) ClearChain ¶

func (ipt *IPTables) ClearChain(table, chain string) error

ClearChain flushed (deletes all rules) in the specified table/chain. If the chain does not exist, a new one will be created

func (*IPTables) Delete ¶

func (ipt *IPTables) Delete(table, chain string, rulespec ...string) error

Delete removes rulespec in specified table/chain

func (*IPTables) DeleteAll ¶ added in v0.6.0

func (ipt *IPTables) DeleteAll() error

func (*IPTables) DeleteChain ¶

func (ipt *IPTables) DeleteChain(table, chain string) error

DeleteChain deletes the chain in the specified table. The chain must be empty

func (*IPTables) DeleteIfExists ¶ added in v0.5.0

func (ipt *IPTables) DeleteIfExists(table, chain string, rulespec ...string) error

func (*IPTables) Exists ¶

func (ipt *IPTables) Exists(table, chain string, rulespec ...string) (bool, error)

Exists checks if given rulespec in specified table/chain exists

func (*IPTables) GetIptablesVersion ¶ added in v0.4.0

func (ipt *IPTables) GetIptablesVersion() (int, int, int)

Return version components of the underlying iptables command

func (*IPTables) HasRandomFully ¶ added in v0.4.0

func (ipt *IPTables) HasRandomFully() bool

Check if the underlying iptables command supports the --random-fully flag

func (*IPTables) Insert ¶

func (ipt *IPTables) Insert(table, chain string, pos int, rulespec ...string) error

Insert inserts rulespec to specified table/chain (in specified pos)

func (*IPTables) InsertUnique ¶ added in v0.7.0

func (ipt *IPTables) InsertUnique(table, chain string, pos int, rulespec ...string) error

InsertUnique acts like Insert except that it won't insert a duplicate (no matter the position in the chain)

func (*IPTables) List ¶

func (ipt *IPTables) List(table, chain string) ([]string, error)

List rules in specified table/chain

func (*IPTables) ListById ¶ added in v0.7.0

func (ipt *IPTables) ListById(table, chain string, id int) (string, error)

List rules in specified table/chain

func (*IPTables) ListChains ¶ added in v0.2.0

func (ipt *IPTables) ListChains(table string) ([]string, error)

ListChains returns a slice containing the name of each chain in the specified table.

func (*IPTables) ListWithCounters ¶ added in v0.2.0

func (ipt *IPTables) ListWithCounters(table, chain string) ([]string, error)

List rules (with counters) in specified table/chain

func (*IPTables) NewChain ¶

func (ipt *IPTables) NewChain(table, chain string) error

NewChain creates a new chain in the specified table. If the chain already exists, it will result in an error.

func (*IPTables) ParseStat ¶ added in v0.4.2

func (ipt *IPTables) ParseStat(stat []string) (parsed Stat, err error)

ParseStat parses a single statistic row into a Stat struct. The input should be a string slice that is returned from calling the Stat method.

func (*IPTables) Proto ¶ added in v0.2.0

func (ipt *IPTables) Proto() Protocol

Proto returns the protocol used by this IPTables.

func (*IPTables) RenameChain ¶

func (ipt *IPTables) RenameChain(table, oldChain, newChain string) error

RenameChain renames the old chain to the new one.

func (*IPTables) Replace ¶ added in v0.7.0

func (ipt *IPTables) Replace(table, chain string, pos int, rulespec ...string) error

Replace replaces rulespec to specified table/chain (in specified pos)

func (*IPTables) Stats ¶ added in v0.2.0

func (ipt *IPTables) Stats(table, chain string) ([][]string, error)

Stats lists rules including the byte and packet counts

func (*IPTables) StructuredStats ¶ added in v0.4.2

func (ipt *IPTables) StructuredStats(table, chain string) ([]Stat, error)

StructuredStats returns statistics as structured data which may be further parsed and marshaled.

type Protocol ¶ added in v0.2.0

type Protocol byte

Protocol to differentiate between IPv4 and IPv6

const (
	ProtocolIPv4 Protocol = iota
	ProtocolIPv6
)

type Stat ¶ added in v0.4.2

type Stat struct {
	Packets     uint64     `json:"pkts"`
	Bytes       uint64     `json:"bytes"`
	Target      string     `json:"target"`
	Protocol    string     `json:"prot"`
	Opt         string     `json:"opt"`
	Input       string     `json:"in"`
	Output      string     `json:"out"`
	Source      *net.IPNet `json:"source"`
	Destination *net.IPNet `json:"destination"`
	Options     string     `json:"options"`
}

Stat represents a structured statistic entry.

type Unlocker ¶

type Unlocker interface {
	Unlock() error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL