iptables

package

v25.0.0-beta.101+incom... Latest Latest Go to latest Published: Dec 21, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/crazy-max/moby

Documentation ¶

Index ¶

func AddInterfaceFirewalld(intf string) error
func DelInterfaceFirewalld(intf string) error
func DeleteConntrackEntries(nlh *netlink.Handle, ipv4List []net.IP, ipv6List []net.IP) error
func DeleteConntrackEntriesByPort(nlh *netlink.Handle, proto types.Protocol, ports []uint16) error
func OnReloaded(callback func())
func Passthrough(ipv IPV, args ...string) ([]byte, error)
type Action
type ChainError
- func (e ChainError) Error() string
type ChainInfo
type Conn
type IPTable
- func GetIptable(version IPVersion) *IPTable
type IPV
type IPVersion
type Policy
type Table

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddInterfaceFirewalld ¶

func AddInterfaceFirewalld(intf string) error

AddInterfaceFirewalld adds the interface to the trusted zone. It is a no-op if firewalld is not running.

func DelInterfaceFirewalld ¶

func DelInterfaceFirewalld(intf string) error

DelInterfaceFirewalld removes the interface from the trusted zone It is a no-op if firewalld is not running.

func DeleteConntrackEntries ¶

func DeleteConntrackEntries(nlh *netlink.Handle, ipv4List []net.IP, ipv6List []net.IP) error

DeleteConntrackEntries deletes all the conntrack connections on the host for the specified IP Returns the number of flows deleted for IPv4, IPv6 else error

func DeleteConntrackEntriesByPort ¶

func DeleteConntrackEntriesByPort(nlh *netlink.Handle, proto types.Protocol, ports []uint16) error

func OnReloaded ¶

func OnReloaded(callback func())

OnReloaded add callback

func Passthrough ¶

func Passthrough(ipv IPV, args ...string) ([]byte, error)

Passthrough method simply passes args through to iptables/ip6tables

Types ¶

type Action ¶

type Action string

Action signifies the iptable action.

const (
	// Append appends the rule at the end of the chain.
	Append Action = "-A"
	// Delete deletes the rule from the chain.
	Delete Action = "-D"
	// Insert inserts the rule at the top of the chain.
	Insert Action = "-I"
)

type ChainError ¶

type ChainError struct {
	Chain  string
	Output []byte
}

ChainError is returned to represent errors during ip table operation.

func (ChainError) Error ¶

func (e ChainError) Error() string

type ChainInfo ¶

type ChainInfo struct {
	Name        string
	Table       Table
	HairpinMode bool
	IPVersion   IPVersion
}

ChainInfo defines the iptables chain.

func (*ChainInfo) Forward ¶

func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int, bridgeName string) error

Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table.

func (*ChainInfo) Link ¶

func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error

Link adds reciprocal ACCEPT rule for two supplied IP addresses. Traffic is allowed from ip1 to ip2 and vice-versa

func (*ChainInfo) Output ¶

func (c *ChainInfo) Output(action Action, args ...string) error

Output adds linking rule to an OUTPUT chain.

func (*ChainInfo) Prerouting ¶

func (c *ChainInfo) Prerouting(action Action, args ...string) error

Prerouting adds linking rule to nat/PREROUTING chain.

func (*ChainInfo) Remove ¶

func (c *ChainInfo) Remove() error

Remove removes the chain.

type Conn ¶

type Conn struct {
	// contains filtered or unexported fields
}

Conn is a connection to firewalld dbus endpoint.

type IPTable ¶

type IPTable struct {
	// contains filtered or unexported fields
}

IPTable defines struct with IPVersion.

func GetIptable ¶

func GetIptable(version IPVersion) *IPTable

GetIptable returns an instance of IPTable with specified version (IPv4 or IPv6). It panics if an invalid IPVersion is provided.

func (IPTable) AddReturnRule ¶

func (iptable IPTable) AddReturnRule(chain string) error

AddReturnRule adds a return rule for the chain in the filter table

func (IPTable) EnsureJumpRule ¶

func (iptable IPTable) EnsureJumpRule(fromChain, toChain string) error

EnsureJumpRule ensures the jump rule is on top

func (IPTable) ExistChain ¶

func (iptable IPTable) ExistChain(chain string, table Table) bool

ExistChain checks if a chain exists

func (IPTable) Exists ¶

func (iptable IPTable) Exists(table Table, chain string, rule ...string) bool

Exists checks if a rule exists

func (IPTable) ExistsNative ¶

func (iptable IPTable) ExistsNative(table Table, chain string, rule ...string) bool

ExistsNative behaves as Exists with the difference it will always invoke `iptables` binary.

func (IPTable) NewChain ¶

func (iptable IPTable) NewChain(name string, table Table, hairpinMode bool) (*ChainInfo, error)

NewChain adds a new chain to ip table.

func (IPTable) ProgramChain ¶

func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) error

ProgramChain is used to add rules to a chain

func (IPTable) ProgramRule ¶

func (iptable IPTable) ProgramRule(table Table, chain string, action Action, args []string) error

ProgramRule adds the rule specified by args only if the rule is not already present in the chain. Reciprocally, it removes the rule only if present.

func (IPTable) Raw ¶

func (iptable IPTable) Raw(args ...string) ([]byte, error)

Raw calls 'iptables' system command, passing supplied arguments.

func (IPTable) RawCombinedOutput ¶

func (iptable IPTable) RawCombinedOutput(args ...string) error

RawCombinedOutput internally calls the Raw function and returns a non nil error if Raw returned a non nil error or a non empty output

func (IPTable) RawCombinedOutputNative ¶

func (iptable IPTable) RawCombinedOutputNative(args ...string) error

RawCombinedOutputNative behave as RawCombinedOutput with the difference it will always invoke `iptables` binary

func (IPTable) RemoveExistingChain ¶

func (iptable IPTable) RemoveExistingChain(name string, table Table) error

RemoveExistingChain removes existing chain from the table.

func (IPTable) SetDefaultPolicy ¶

func (iptable IPTable) SetDefaultPolicy(table Table, chain string, policy Policy) error

SetDefaultPolicy sets the passed default policy for the table/chain

type IPV ¶

type IPV string

IPV defines the table string

const (
	// Iptables point ipv4 table
	Iptables IPV = "ipv4"
	// IP6Tables point to ipv6 table
	IP6Tables IPV = "ipv6"
)

type IPVersion ¶

type IPVersion string

IPVersion refers to IP version, v4 or v6

const (
	// IPv4 is version 4.
	IPv4 IPVersion = "IPV4"
	// IPv6 is version 6.
	IPv6 IPVersion = "IPV6"
)

type Policy ¶

type Policy string

Policy is the default iptable policies

const (
	// Drop is the default iptables DROP policy.
	Drop Policy = "DROP"
	// Accept is the default iptables ACCEPT policy.
	Accept Policy = "ACCEPT"
)

type Table ¶

type Table string

Table refers to Nat, Filter or Mangle.

const (
	// Nat table is used for nat translation rules.
	Nat Table = "nat"
	// Filter table is used for filter rules.
	Filter Table = "filter"
	// Mangle table is used for mangling the packet.
	Mangle Table = "mangle"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL