firewall

package

v0.0.0-...-2ec37ed Latest Latest Go to latest Published: Feb 11, 2024 License: GPL-3.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/evilsocket/opensnitch

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CleanRules(logErrors bool)
func Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)
func DisableInterception() error
func EnableInterception() error
func ErrChanEmpty() bool
func ErrorsChan() <-chan string
func Init(fwType, configPath, monitorInterval string, qNum *int) (err error)
func IsRunning() bool
func Reload(fwtype, configPath, monitorInterval string) (err error)
func ReloadSystemRules()
func SaveConfiguration(rawConfig []byte) error
func Serialize() (*protocol.SysFirewall, error)
func Stop()
type Firewall

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	DefaultConfig = "/etc/opensnitchd/system-fw.json"
)

Functions ¶

func Deserialize ¶

func Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)

Deserialize transforms firewall json configuration to protobuf

func DisableInterception ¶

func DisableInterception() error

DisableInterception removes the rules to intercept outbound connections.

func EnableInterception ¶

func EnableInterception() error

EnableInterception removes the rules to intercept outbound connections.

func ErrChanEmpty ¶

func ErrChanEmpty() bool

ErrChanEmpty checks if the errors channel is empty.

func ErrorsChan ¶

func ErrorsChan() <-chan string

ErrorsChan returns the channel where the errors are sent to.

func Init ¶

func Init(fwType, configPath, monitorInterval string, qNum *int) (err error)

Init initializes the firewall and loads firewall rules. We'll try to use the firewall configured in the configuration (iptables/nftables). If iptables is not installed, we can add nftables rules directly to the kernel, without relying on any binaries.

func IsRunning ¶

func IsRunning() bool

IsRunning returns if the firewall is running or not.

func Reload ¶

func Reload(fwtype, configPath, monitorInterval string) (err error)

Reload stops current firewall and initializes a new one.

func ReloadSystemRules ¶

func ReloadSystemRules()

ReloadSystemRules deletes existing rules, and add them again

func SaveConfiguration ¶

func SaveConfiguration(rawConfig []byte) error

SaveConfiguration saves configuration string to disk

func Serialize ¶

func Serialize() (*protocol.SysFirewall, error)

Serialize transforms firewall json configuration to protobuf

func Stop ¶

func Stop()

Stop deletes the firewall rules, allowing network traffic.

Types ¶

type Firewall ¶

type Firewall interface {
	Init(*int, string, string)
	Stop()
	Name() string
	IsRunning() bool
	SetQueueNum(num *int)

	SaveConfiguration(rawConfig string) error

	EnableInterception()
	DisableInterception(bool)
	QueueDNSResponses(bool, bool) (error, error)
	QueueConnections(bool, bool) (error, error)
	CleanRules(bool)

	AddSystemRules(bool, bool)
	DeleteSystemRules(bool, bool, bool)

	Serialize() (*protocol.SysFirewall, error)
	Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)

	ErrorsChan() <-chan string
	ErrChanEmpty() bool
}

Firewall is the interface that all firewalls (iptables, nftables) must implement.

Source Files ¶

View all Source files

rules.go

Directories ¶

Path	Synopsis
common
config Package config provides functionality to load and monitor the system firewall rules.	Package config provides functionality to load and monitor the system firewall rules.
iptables
nftables
exprs
nftest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL