Version: v0.5.6 Latest

This package is not in the latest version of its module.

Published: Jan 15, 2016 License: Apache-2.0 Imports: 9 Imported by: 206




const (
	// Append appends the rule at the end of the chain.
	// iptables walks a chain's rules in order, so an appended rule is only
	// consulted after every rule that is already in the chain.
	Append Action = "-A"
	// Delete deletes the rule from the chain.
	Delete Action = "-D"
	// Insert inserts the rule at the top of the chain, where it is matched
	// before any rule that is already present.
	Insert Action = "-I"
	// Nat table is used for nat translation rules.
	Nat Table = "nat"
	// Filter table is used for filter rules.
	Filter Table = "filter"
	// Mangle table is used for mangling the packet.
	Mangle Table = "mangle"


var (

	// ErrIptablesNotFound is returned when the rule is not found.
	// NOTE(review): the message text ("Iptables not found") reads as if the
	// iptables binary, not a rule, is missing — confirm against the call
	// sites and correct whichever of the two is wrong, since callers that
	// branch on this error need to know which condition it signals.
	ErrIptablesNotFound = errors.New("Iptables not found")


func ExistChain added in v0.5.2

func ExistChain(chain string, table Table) bool

ExistChain checks whether the chain exists in the given table.

func Exists

func Exists(table Table, chain string, rule ...string) bool

Exists checks whether the rule exists in the given chain of the given table.

func FirewalldInit

func FirewalldInit() error

FirewalldInit initializes firewalld management code.

func OnReloaded

func OnReloaded(callback func())

OnReloaded adds a callback.

func Passthrough

func Passthrough(ipv IPV, args ...string) ([]byte, error)

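Passthrough method simply passes args through to iptables/ip6tables. The arguments are forwarded as supplied, so the caller should validate any value that originates outside the program before passing it in.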

func ProgramChain

func ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) error

ProgramChain is used to add rules to a chain

func Raw

func Raw(args ...string) ([]byte, error)

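Raw calls the 'iptables' system command, passing the supplied arguments. Nothing in this documentation indicates that the arguments are checked, so callers should validate any element built from external input before calling Raw.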

func RawCombinedOutput added in v0.5.2

func RawCombinedOutput(args ...string) error

RawCombinedOutput internally calls the Raw function and returns a non-nil error if Raw returned a non-nil error or a non-empty output.

func RemoveExistingChain

func RemoveExistingChain(name string, table Table) error

RemoveExistingChain removes existing chain from the table.


type Action

type Action string

Action signifies the iptables action (the command flag: -A, -D or -I).

type ChainError

type ChainError struct {
	// Chain presumably names the chain the failed operation targeted —
	// inferred from the field name; confirm against Error().
	Chain  string
	// Output presumably holds the raw output of the failed command — TODO
	// confirm. If so, it is external text and should be handled as such
	// when it is logged or displayed.
	Output []byte

ChainError is returned to represent errors during iptables operations.

func (ChainError) Error

func (e ChainError) Error() string

type ChainInfo

type ChainInfo struct {
	// Name is the name of the chain.
	Name        string
	// Table is the table the chain lives in (Nat, Filter or Mangle).
	Table       Table
	// NOTE(review): the effect of HairpinMode is not visible here; NewChain
	// and ProgramChain take a matching hairpinMode flag — confirm how it
	// changes the rules that get programmed.
	HairpinMode bool

ChainInfo defines the iptables chain.

func NewChain

func NewChain(name string, table Table, hairpinMode bool) (*ChainInfo, error)

NewChain adds a new chain to the given iptables table.

func (*ChainInfo) Forward

func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int, bridgeName string) error

Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table.

func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error

Link adds reciprocal ACCEPT rules for the two supplied IP addresses. Traffic is allowed from ip1 to ip2 and vice versa.

func (*ChainInfo) Output

func (c *ChainInfo) Output(action Action, args ...string) error

Output adds linking rule to an OUTPUT chain.

func (*ChainInfo) Prerouting

func (c *ChainInfo) Prerouting(action Action, args ...string) error

Prerouting adds linking rule to nat/PREROUTING chain.

func (*ChainInfo) Remove

func (c *ChainInfo) Remove() error

Remove removes the chain.

type Conn

type Conn struct {
	// contains filtered or unexported fields

Conn is a connection to firewalld dbus endpoint.

type IPV

type IPV string

IPV defines the table string

const (
	// Iptables points to the IPv4 table.
	// IPv4 and IPv6 rules are kept separately, so a rule added for one
	// address family does not filter traffic of the other.
	Iptables IPV = "ipv4"
	// IP6Tables points to the IPv6 table.
	IP6Tables IPV = "ipv6"
	// Ebtables points to the bridge table.
	Ebtables IPV = "eb"

type Table

type Table string

Table refers to Nat, Filter or Mangle.
