firewall

package

v0.0.0-...-62bb9e5 Latest Latest Go to latest Published: Dec 18, 2020 License: GPL-3.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gustavo-iniguez-goya/opensnitch

Documentation ¶

Index ¶

Constants
func AddSystemRule(action Action, rule *fwRule, enable bool) (err4, err6 error)
func AreRulesLoaded() bool
func CleanRules(logErrors bool)
func CreateSystemRule(rule *fwRule, logErrors bool)
func DeleteSystemRules(logErrors bool)
func DropMarked(enable bool, logError bool) (err4, err6 error)
func Init(qNum *int)
func IsRunning() bool
func QueueConnections(enable bool, logError bool, qNum int) (err4, err6 error)
func QueueDNSResponses(enable bool, logError bool, qNum int) (err4, err6 error)
func RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error)
func StartCheckingRules()
func Stop(qNum *int)
func StopCheckingRules()
type Action

Constants ¶

View Source

const (
	ADD      = Action("-A")
	INSERT   = Action("-I")
	DELETE   = Action("-D")
	FLUSH    = Action("-F")
	NEWCHAIN = Action("-N")
	DELCHAIN = Action("-X")
)

Actions we apply to the firewall.

View Source

const DropMark = 0x18BA5

DropMark is the mark we place on a connection when we deny it. The connection is dropped later on OUTPUT chain.

Variables ¶

This section is empty.

Functions ¶

func AreRulesLoaded ¶

func AreRulesLoaded() bool

AreRulesLoaded checks if the firewall rules are loaded.

func CreateSystemRule ¶

func CreateSystemRule(rule *fwRule, logErrors bool)

CreateSystemRule create the custom firewall chains and adds them to system.

func DeleteSystemRules ¶

func DeleteSystemRules(logErrors bool)

DeleteSystemRules deletes the system rules

func DropMarked ¶

func DropMarked(enable bool, logError bool) (err4, err6 error)

DropMarked rejects packets marked by OpenSnitch. OUTPUT -m mark --mark 101285 -j DROP

func IsRunning ¶

func IsRunning() bool

IsRunning returns if the firewall rules are loaded or not.

func QueueConnections ¶

func QueueConnections(enable bool, logError bool, qNum int) (err4, err6 error)

QueueConnections inserts the firewall rule which redirects connections to us. They are queued until the user denies/accept them, or reaches a timeout. OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass

func QueueDNSResponses ¶

func QueueDNSResponses(enable bool, logError bool, qNum int) (err4, err6 error)

QueueDNSResponses redirects DNS responses to us, in order to keep a cache of resolved domains. INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass

func RunRule ¶

func RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error)

RunRule inserts or deletes a firewall rule.

func StartCheckingRules ¶

func StartCheckingRules()

StartCheckingRules checks periodically if the rules are loaded. If they're not, we insert them again.

func Stop ¶

func Stop(qNum *int)

Stop deletes the firewall rules, allowing network traffic.

func StopCheckingRules ¶

func StopCheckingRules()

StopCheckingRules stops checking if the firewall rules are loaded.

Types ¶

type Action ¶

type Action string

Action is the modifier we apply to a rule.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL