nftables

package
v2.3.1

This package is not in the latest version of its module.

Published: Apr 22, 2024 License: MIT Imports: 30 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FQDNCache

type FQDNCache interface {
	GetSetsForRendering(fqdns []firewallv1.FQDNSelector) (result []dns.RenderIPSet)
	GetSetsForFQDN(fqdn firewallv1.FQDNSelector, fqdnSets []firewallv1.IPSet) (result []firewallv1.IPSet)
	IsInitialized() bool
	CacheAddr() (string, error)
}

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall assembles nftables rules based on k8s entities.

func NewFirewall

func NewFirewall(
	firewall *firewallv2.Firewall,
	cwnps *firewallv1.ClusterwideNetworkPolicyList,
	svcs *corev1.ServiceList,
	cache FQDNCache,
	log logr.Logger,
	recorder record.EventRecorder,
) *Firewall

NewFirewall creates a new nftables firewall object based on k8s entities.

func (*Firewall) Flush

func (f *Firewall) Flush() error

Flush flushes the nftables rules that were deduced from k8s resources. After that, the firewall is a "plain metal firewall" with the default policy accept in the forward chain.

func (*Firewall) Reconcile

func (f *Firewall) Reconcile() (updated bool, err error)

Reconcile drives the nftables firewall against the desired state by comparison with the current rule file.

func (*Firewall) ReconcileNetconfTables

func (f *Firewall) ReconcileNetconfTables() error

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
