Documentation
Index
- Constants
- func AddSystemRule(action Action, rule *fwRule, enable bool) (err4, err6 error)
- func AreRulesLoaded() bool
- func CleanRules(logErrors bool)
- func CreateSystemRule(rule *fwRule, logErrors bool)
- func DeleteSystemRules(logErrors bool)
- func DropMarked(enable bool, logError bool) (err4, err6 error)
- func Init(qNum *int)
- func IsRunning() bool
- func QueueConnections(enable bool, logError bool, qNum int) (err4, err6 error)
- func QueueDNSResponses(enable bool, logError bool, qNum int) (err4, err6 error)
- func RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error)
- func StartCheckingRules()
- func Stop(qNum *int)
- func StopCheckingRules()
- type Action
Constants
const (
	ADD      = Action("-A")
	INSERT   = Action("-I")
	DELETE   = Action("-D")
	FLUSH    = Action("-F")
	NEWCHAIN = Action("-N")
	DELCHAIN = Action("-X")
)
Actions we apply to the firewall.
const DropMark = 0x18BA5
DropMark is the mark we place on a connection when we deny it. The connection is dropped later on the OUTPUT chain.
Variables
This section is empty.
Functions
func AddSystemRule
AddSystemRule inserts a new rule.
func AreRulesLoaded
func AreRulesLoaded() bool
AreRulesLoaded checks if the firewall rules are loaded.
func CreateSystemRule
func CreateSystemRule(rule *fwRule, logErrors bool)
CreateSystemRule creates the custom firewall chains and adds them to the system.
func DeleteSystemRules
func DeleteSystemRules(logErrors bool)
DeleteSystemRules deletes the system rules.
func DropMarked
DropMarked rejects packets marked by OpenSnitch.
    OUTPUT -m mark --mark 101285 -j DROP
func QueueConnections
QueueConnections inserts the firewall rule which redirects connections to us. They are queued until the user denies or accepts them, or a timeout is reached.
    OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
func QueueDNSResponses
QueueDNSResponses redirects DNS responses to us, in order to keep a cache of resolved domains.
    INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
func StartCheckingRules
func StartCheckingRules()
StartCheckingRules checks periodically if the rules are loaded. If they're not, we insert them again.
func StopCheckingRules
func StopCheckingRules()
StopCheckingRules stops checking if the firewall rules are loaded.
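The kind of check that AreRulesLoaded and StartCheckingRules describe can be reproduced outside the daemon by scanning a rule dump for the three rules documented under DropMarked, QueueConnections and QueueDNSResponses. The following is an added example, not the package's own code: CheckRules, Loaded, val and the sample dump are hypothetical and constructed, and the input is assumed to be `iptables -S`-style lines from the filter and mangle tables.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const dropMark = 0x18BA5 // DropMark from this page; 101285 in decimal

// Constructed sample: `iptables -S` output for filter and mangle, concatenated.
const sample = `-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -m mark --mark 0x18ba5 -j DROP
-A OUTPUT -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass`

// Loaded records which of the three documented rules were found.
type Loaded struct{ DropMarked, QueueConnections, QueueDNSResponses bool }

// val returns the token following flag, or "" if flag is absent.
func val(f []string, flag string) string {
	for i := 0; i+1 < len(f); i++ {
		if f[i] == flag {
			return f[i+1]
		}
	}
	return ""
}

// CheckRules (hypothetical helper) scans a rule dump for the documented rules.
func CheckRules(dump, qNum string) (l Loaded) {
	for _, line := range strings.Split(dump, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "-A" {
			continue
		}
		// Accept the mark in hex or decimal, ignoring an optional /mask suffix.
		mark, err := strconv.ParseUint(strings.SplitN(val(f, "--mark"), "/", 2)[0], 0, 32)
		j, nfq := val(f, "-j"), val(f, "--queue-num") == qNum
		switch {
		case f[1] == "OUTPUT" && j == "DROP" && err == nil && mark == dropMark:
			l.DropMarked = true
		case f[1] == "OUTPUT" && j == "NFQUEUE" && nfq && val(f, "--ctstate") == "NEW,RELATED":
			l.QueueConnections = true
		case f[1] == "INPUT" && j == "NFQUEUE" && nfq && val(f, "--sport") == "53":
			l.QueueDNSResponses = true
		}
	}
	return l
}

func main() { fmt.Printf("%+v\n", CheckRules(sample, "0")) }
```

A result with any field false means the corresponding rule is not in the dump, for example because another tool flushed the chain or the queue number differs from the one the daemon listens on.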