iptables

package
v1.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 14, 2024 License: Apache-2.0 Imports: 18 Imported by: 2

Documentation

Overview

Copyright (c) 2022-2025 Austin Zhai.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	CTStateINVALID     = "INVALID"
	CTStateNEW         = "NEW"
	CTStateESTABLISHED = "ESTABLISHED"
	CTStateRELATED     = "RELATED"
	CTStateUNTRACKED   = "UNTRACKED"
	CTStateSNAT        = "SNAT"
	CTStateDNAT        = "DNAT"
)
View Source 
const (
	CTStatusNONE       = "NONE"
	CTStatusEXPECTED   = "EXPECTED"
	CTStatusSEEN_REPLY = "SEEN_REPLY"
	CTStatusASSURED    = "ASSURED"
	CTStatusCONFIRMED  = "CONFIRMED"
)
View Source 
const (
	CTDirREPLY    = "REPLY"
	CTDirORIGINAL = "ORIGINAL"
	CTDirBOTH     = "BOTH"
	CTDirReply    = "reply"
	CTDirOriginal = "original"
	CTDirBoth     = "both"
)
View Source 
const (
	CTStateAlias  = "state"
	CTState       = "ctstate"
	CTProto       = "ctproto"
	CTStatus      = "ctstatus"
	CTExpire      = "ctexpire"
	CTDir         = "ctdir"
	CTOrigSrc     = "ctorigsrc"
	CTOrigDst     = "ctorigdrc"
	CTReplSrc     = "ctreplsrc"
	CTReplDst     = "ctrepldst"
	CTOrigSrcPort = "ctorigsrcport"
	CTOrigDstPort = "ctorigdstport"
	CTReplSrcPort = "ctreplsrcport"
	CTReplDstPort = "ctrepldstport"
)
View Source 
const (
	GATE = 1 << iota
	IPIP
	MASQ
	UNKNOWN
)
View Source 
const (
	IPVSGATE    = "GATE"
	IPVSIPIP    = "IPIP"
	IPVSMASQ    = "MASQ"
	IPVSUNKNOWN = "UNKNOWN"
)
View Source 
const (
	IPVSIPVS     = "ipvs"
	IPVSVProto   = "vproto"
	IPVSVAddr    = "vaddr"
	IPVSVPort    = "vport"
	IPVSVDir     = "vdir"
	IPVSVMethod  = "vmethod"
	IPVSVPortCtl = "vportctl"
)
View Source 
const (
	PktTypeUnicast   = "unicast"
	PktTypeBroadcast = "broadcast"
	PktTypeMulticast = "multicast"
)
View Source 
const (
	AH     = "ah"
	ESP    = "esp"
	IPComp = "ipcomp"
)
View Source 
const (
	FlagSrc
	FlagDst
)

Variables

View Source 
var (
	ChainTypeNull        = ChainType{chainTypeNull, false, ""}
	ChainTypePREROUTING  = ChainType{chainTypePREROUTING, false, ""}
	ChainTypeINPUT       = ChainType{chainTypeINPUT, false, ""}
	ChainTypeFORWARD     = ChainType{chainTypeFORWARD, false, ""}
	ChainTypeOUTPUT      = ChainType{chainTypeOUTPUT, false, ""}
	ChainTypePOSTROUTING = ChainType{chainTypePOSTROUTING, false, ""}
	ChainTypeUserDefined = ChainType{chainTypeUserDefined, true, ""}
)
View Source 
var (
	DCCPTypes = map[string]DCCPType{
		"REQUEST":  DCCPTypeREQUEST,
		"RESPONSE": DCCPTypeRESPONSE,
		"DATA":     DCCPTypeDATA,
		"ACK":      DCCPTypeACK,
		"DATAACK":  DCCPTypeDATAACK,
		"CLOSEREQ": DCCPTypeCLOSEREQ,
		"CLOSE":    DCCPTypeCLOSE,
		"RESET":    DCCPTypeRESET,
		"SYNC":     DCCPTypeSYNC,
		"SYNCACK":  DCCPTypeSYNCACK,
		"INVALID":  DCCPTypeINVALID,
	}
)
View Source 
var (
	MHTypes = map[string]MHType{
		"binding-refresh-request": BindingRefreshRequest,
		"brr":                     BindingRefreshRequest,
		"home-test-init":          HomeTestInit,
		"hoti":                    HomeTestInit,
		"careof-test-init":        CareofTestInit,
		"coti":                    CareofTestInit,
		"home-test":               HomeTest,
		"hot":                     HomeTest,
		"careof-test":             CareofTest,
		"cot":                     CareofTest,
		"binding-update":          BindingUpdate,
		"bu":                      BindingUpdate,
		"binding-acknowledgement": BindingAcknowledgement,
		"ba":                      BindingAcknowledgement,
		"binding-error":           BindingError,
		"be":                      BindingError,
	}
)
View Source 
var (
	RejectTypeMap = map[string]RejectType{
		"icmp6-no-route":         Icmp6NoRoute,
		"no-route":               NoRoute,
		"icmp6-adm-prohibited":   Icmp6AdmProhibited,
		"adm-prohibited":         Icmp6AdmProhibited,
		"icmp6-addr-unreachable": Icmp6AddrUnreachable,
		"addr-unreach":           Icmp6AddrUnreachable,
		"icmp6-port-unreachable": Icmp6PortUnreachable,
		"icmp-net-unreachable":   IcmpNetUnreachable,
		"icmp-host-unreachable":  IcmpHostUnreachable,
		"icmp-port-unreachable":  IcmpPortUnreachable,
		"icmp-proto-unreachable": IcmpProtoUnreachable,
		"icmp-net-prohibited":    IcmpNetProhibited,
		"icmp-host-prohibited":   IcmpHostProhibited,
		"icmp-admin-prohibited":  IcmpAdminProhibited,
		"tcp-reset":              TcpReset,
	}
)
View Source 
var (
	SCTPTypes = map[string]SCTPType{
		"DATA":             SCTPTypeDATA,
		"INIT":             SCTPTypeINIT,
		"INITACK":          SCTPTypeINITACK,
		"SACK":             SCTPTypeSACK,
		"HEARTBEAT":        SCTPTypeHEARTBEAT,
		"HEARTBEATACK":     SCTPTypeHEARTBEATACK,
		"ABORT":            SCTPTypeABORT,
		"ERROR":            SCTPTypeERROR,
		"SHUTDOWN":         SCTPTypeSHUTDOWN,
		"SHUTDOWNACK":      SCTPTypeSHUTDOWNACK,
		"COOKIEECHO":       SCTPTypeCOOKIEECHO,
		"COOKIEACK":        SCTPTypeCOOKIEACK,
		"ECNECNE":          SCTPTypeECNECNE,
		"ECNCWR":           SCTPTypeECNCWR,
		"SHUTDOWNCOMPLETE": SCTPTypeSHUTDOWNCOMPLETE,
		"ASCONF":           SCTPTypeASCONF,
		"ASCONFACK":        SCTPTypeASCONFACK,
		"FORWARDTSN":       SCTPTypeFORWARDTSN,
	}
)
View Source 
var (
	TableChains = map[TableType][]ChainType{
		TableTypeFilter: {
			ChainTypeINPUT,
			ChainTypeOUTPUT,
			ChainTypeFORWARD,
		},
		TableTypeNat: {
			ChainTypeOUTPUT,
			ChainTypePREROUTING,
			ChainTypePOSTROUTING,
		},
		TableTypeMangle: {
			ChainTypeINPUT,
			ChainTypeOUTPUT,
			ChainTypeFORWARD,
			ChainTypePREROUTING,
			ChainTypePOSTROUTING,
		},
		TableTypeRaw: {
			ChainTypeOUTPUT,
			ChainTypePREROUTING,
		},
		TableTypeSecurity: {
			ChainTypeINPUT,
			ChainTypeOUTPUT,
			ChainTypeFORWARD,
		},
	}
)

Functions

This section is empty.

Types

type AddrType 

type AddrType int
const (
	UNSPEC AddrType = 1 << iota // unspecified
	UNICAST
	LOCAL
	BROADCAST
	ANYCAST
	MULTICAST
	BLACKHOLE
	UNREACHABLE
	PROHIBIT
	THROW
	NAT
	XRESOLVE
)

func (AddrType) String 

func (addrType AddrType) String() string

type Append 

type Append struct {
	// contains filtered or unexported fields
}

func (*Append) Long 

func (cmd *Append) Long() string

func (*Append) LongArgs 

func (cmd *Append) LongArgs() []string

func (Append) SetChainType 

func (bc Append) SetChainType(chain ChainType)

func (*Append) Short 

func (cmd *Append) Short() string

func (*Append) ShortArgs 

func (cmd *Append) ShortArgs() []string

func (Append) Type 

func (bc Append) Type() CommandType

type AuditType 

type AuditType int8
const (
	AuditAccept AuditType
	AuditDrop
	AuditReject
)

func (AuditType) String 

func (auditType AuditType) String() string

type BPFSockFilter 

type BPFSockFilter struct {
	Code uint16
	JT   uint8
	JF   uint8
	K    uint32
}

BPF

type CTEvent 

type CTEvent uint8
const (
	CTEventNEW CTEvent = iota
	CTEventRELATED
	CTEventDESTROY
	CTEventREPLY
	CTEventASSURED
	CTEventPROTOINFO
	CTEventHELPER
	CTEventMARK
	CTEventSEQADJ
	CTEventSECMARK
	CTEventLABEL
	CTEventSYNPROXY
	CTEventNATSEQADJ = CTEventSEQADJ
)

func (CTEvent) String 

func (ctEvent CTEvent) String() string

type CTExpectEvent 

type CTExpectEvent uint8
const (
	CTExpectEventNEW CTExpectEvent = iota
	CTExpectEventDESTORY
)

func (CTExpectEvent) String 

func (ctExpectEvent CTExpectEvent) String() string

type CTZone 

type CTZone int8
const (
	CTZoneOrig CTZone = 1 << iota
	CTZoneReply
	CTZoneBoth = CTZoneOrig | CTZoneReply
)

type Chain 

type Chain struct {
	// contains filtered or unexported fields
}

type ChainType 

type ChainType struct {
	// contains filtered or unexported fields
}

func (*ChainType) SetName 

func (ct *ChainType) SetName(name string)

func (ChainType) String 

func (ct ChainType) String() string

func (ChainType) Type 

func (ct ChainType) Type() string

func (ChainType) Value 

func (ct ChainType) Value() string

type Check 

type Check struct {
	// contains filtered or unexported fields
}

func (*Check) Long 

func (cmd *Check) Long() string

func (*Check) LongArgs 

func (cmd *Check) LongArgs() []string

func (Check) SetChainType 

func (bc Check) SetChainType(chain ChainType)

func (*Check) Short 

func (cmd *Check) Short() string

func (*Check) ShortArgs 

func (cmd *Check) ShortArgs() []string

func (Check) Type 

func (bc Check) Type() CommandType

type Chunk 

type Chunk struct {
	Type      SCTPType
	ChunkFlag ChunkFlag
}

type ChunkFlag 

type ChunkFlag int
const (
	CF_I ChunkFlag = 1 << iota
	CF_U
	CF_B
	CF_E
	CF_i
	CF_u
	CF_b
	CF_e
	CF_T
	CF_t
	CF_ALL = CF_I | CF_U | CF_B | CF_E | CF_i | CF_u | CF_b | CF_e | CF_T | CF_t
)

func (ChunkFlag) String 

func (chunkFlag ChunkFlag) String() string

type ClusterIPHashMode 

type ClusterIPHashMode int8
const (
	ClusterIPHashModeSrcIP ClusterIPHashMode
	ClusterIPHashModeSrcIPSrcPort
	ClusterIPHashModeSrcIPSrcPortDstPort
)

func (ClusterIPHashMode) String 

func (clusterIPHashMode ClusterIPHashMode) String() string

type Command 

type Command interface {
	Type() CommandType
	Short() string
	Long() string
	ShortArgs() []string
	LongArgs() []string
	SetChainType(chain ChainType)
}

type CommandType 

type CommandType int
const (
	CommandTypeAppend      CommandType // append
	CommandTypeCheck                   // check
	CommandTypeDelete                  // delete
	CommandTypeInsert                  // insert
	CommandTypeReplace                 // replace
	CommandTypeList                    // list
	CommandTypeListRules               // go-xtables support
	CommandTypeDumpRules               // as iptables list_rules
	CommandTypeFlush                   // flush
	CommandTypeZero                    // zero
	CommandTypeNewChain                // new_chain
	CommandTypeDeleteChain             // delete_chain
	CommandTypePolicy                  // policy
	CommandTypeRenameChain             // rename_chain
	CommandTypeListChains              // go-xtables support
	CommandTypeFind                    // go-xtables support
)

func (CommandType) Type 

func (ct CommandType) Type() string

func (CommandType) Value 

func (ct CommandType) Value() string

type ConnBytesMode 

type ConnBytesMode string
const (
	// mode
	ConnBytesModePackets ConnBytesMode = "packets"
	ConnBytesModeBytes   ConnBytesMode = "bytes"
	ConnBytesModeAvgpkt  ConnBytesMode = "avgpkt"
	ConnBytesModeUnknown ConnBytesMode = "unknown"
)

type ConnTrackDir 

type ConnTrackDir int
const (
	ORIGINAL ConnTrackDir = 1 << iota
	REPLY
	BOTH
)

func (ConnTrackDir) String 

func (connTrack ConnTrackDir) String() string

type ConnTrackState 

type ConnTrackState int
const (
	INVALID ConnTrackState = 1 << iota
	NEW
	ESTABLISHED
	RELATED
	UNTRACKED
	SNAT
	DNAT
)

func (ConnTrackState) String 

func (connTrackState ConnTrackState) String() string

type ConnTrackStatus 

type ConnTrackStatus int
const (
	NONE ConnTrackStatus = 1 << iota
	EXPECTED
	SEEN_REPLY
	ASSURED
	CONFIRMED
)

func (ConnTrackStatus) String 

func (connTrackStatus ConnTrackStatus) String() string

type DCCPType 

type DCCPType int
const (
	DCCPTypeREQUEST DCCPType = 1 << iota
	DCCPTypeRESPONSE
	DCCPTypeDATA
	DCCPTypeACK
	DCCPTypeDATAACK
	DCCPTypeCLOSEREQ
	DCCPTypeCLOSE
	DCCPTypeRESET
	DCCPTypeSYNC
	DCCPTypeSYNCACK
	DCCPTypeINVALID
)

func (DCCPType) String 

func (dccpType DCCPType) String() string

type DSCPClass 

type DSCPClass int

see https://git.netfilter.org/iptables/tree/extensions/dscp_helper.c 

const (
	ClassCS0  DSCPClass = 0x00
	ClassCS1  DSCPClass = 0x08
	ClassCS2  DSCPClass = 0x10
	ClassCS3  DSCPClass = 0x18
	ClassCS4  DSCPClass = 0x20
	ClassCS5  DSCPClass = 0x28
	ClassCS6  DSCPClass = 0x30
	ClassCS7  DSCPClass = 0x38
	ClassBE   DSCPClass = 0x00
	ClassAF11 DSCPClass = 0x0a
	ClassAF12 DSCPClass = 0x0c
	ClassAF13 DSCPClass = 0x0e
	ClassAF21 DSCPClass = 0x12
	ClassAF22 DSCPClass = 0x14
	ClassAF23 DSCPClass = 0x16
	ClassAF31 DSCPClass = 0x1a
	ClassAF32 DSCPClass = 0x1c
	ClassAF33 DSCPClass = 0x1e
	ClassAF41 DSCPClass = 0x22
	ClassAF42 DSCPClass = 0x24
	ClassAF43 DSCPClass = 0x26
	ClassEF   DSCPClass = 0x2e
)

type Delete 

type Delete struct {
	// contains filtered or unexported fields
}

func (*Delete) Long 

func (cmd *Delete) Long() string

func (*Delete) LongArgs 

func (cmd *Delete) LongArgs() []string

func (Delete) SetChainType 

func (bc Delete) SetChainType(chain ChainType)

func (*Delete) Short 

func (cmd *Delete) Short() string

func (*Delete) ShortArgs 

func (cmd *Delete) ShortArgs() []string

func (Delete) Type 

func (bc Delete) Type() CommandType

type DeleteChain 

type DeleteChain struct {
	// contains filtered or unexported fields
}

func (*DeleteChain) Long 

func (cmd *DeleteChain) Long() string

func (*DeleteChain) LongArgs 

func (cmd *DeleteChain) LongArgs() []string

func (DeleteChain) SetChainType 

func (bc DeleteChain) SetChainType(chain ChainType)

func (*DeleteChain) Short 

func (cmd *DeleteChain) Short() string

func (*DeleteChain) ShortArgs 

func (cmd *DeleteChain) ShortArgs() []string

func (DeleteChain) Type 

func (bc DeleteChain) Type() CommandType

type DumpRules 

type DumpRules struct {
	// contains filtered or unexported fields
}

func (*DumpRules) Long 

func (cmd *DumpRules) Long() string

func (*DumpRules) LongArgs 

func (cmd *DumpRules) LongArgs() []string

func (DumpRules) SetChainType 

func (bc DumpRules) SetChainType(chain ChainType)

func (*DumpRules) Short 

func (cmd *DumpRules) Short() string

func (*DumpRules) ShortArgs 

func (cmd *DumpRules) ShortArgs() []string

func (DumpRules) Type 

func (bc DumpRules) Type() CommandType

type Find 

type Find struct {
	*List
}

func (Find) SetChainType 

func (bc Find) SetChainType(chain ChainType)

func (Find) Type 

func (bc Find) Type() CommandType

type Flag 

type Flag int

func (Flag) String 

func (flag Flag) String() string

type Flush 

type Flush struct {
	// contains filtered or unexported fields
}

func (*Flush) Long 

func (cmd *Flush) Long() string

func (*Flush) LongArgs 

func (cmd *Flush) LongArgs() []string

func (Flush) SetChainType 

func (bc Flush) SetChainType(chain ChainType)

func (*Flush) Short 

func (cmd *Flush) Short() string

func (*Flush) ShortArgs 

func (cmd *Flush) ShortArgs() []string

func (Flush) Type 

func (bc Flush) Type() CommandType

type HMarkTuple 

type HMarkTuple int8
const (
	HMarkTupleSrc HMarkTuple = 1 << iota
	HMarkTupleDst
	HMarkTupleSport
	HMarkTupleDport
	HMarkTupleSPI
	HMarkTupleCT
)

func (HMarkTuple) String 

func (tuple HMarkTuple) String() string

type HasRulenum 

type HasRulenum interface {
	Rulenum() uint32
}

type HashLimitMode 

type HashLimitMode uint8
const (
	HashLimitModeSrcIP HashLimitMode = 1 << iota
	HashLimitModeSrcPort
	HashLimitModeDstIP
	HashLimitModeDstPort
)

func (HashLimitMode) String 

func (hashLimitMode HashLimitMode) String() string

type IPTables 

type IPTables struct {
	// contains filtered or unexported fields
}

func NewIPTables 

func NewIPTables(opts ...IPTablesOption) *IPTables

func (*IPTables) Append 

func (iptables *IPTables) Append() error

func (*IPTables) Chain 

func (iptables *IPTables) Chain(chain ChainType) *IPTables

func (*IPTables) Check 

func (iptables *IPTables) Check() (bool, error)

func (*IPTables) Delete 

func (iptables *IPTables) Delete(opts ...OptionCommandDelete) error

0 means ignoring

func (*IPTables) DeleteAll 

func (iptables *IPTables) DeleteAll(opts ...OptionCommandDelete) error

func (*IPTables) DeleteChain 

func (iptables *IPTables) DeleteChain() error

If no table specified, the delete-chain will be applied to all tables

func (*IPTables) Dryrun 

func (iptables *IPTables) Dryrun(w io.Writer) *IPTables

func (*IPTables) DumpRules 

func (iptables *IPTables) DumpRules() ([]string, error)

-S

func (*IPTables) FindChains 

func (iptables *IPTables) FindChains() ([]*Chain, error)

func (*IPTables) FindRules 

func (iptables *IPTables) FindRules() ([]*Rule, error)

func (*IPTables) Flush 

func (iptables *IPTables) Flush() error

if no table specified, the flush will be applied to all tables. if no chain specified, the flush will be applied to all chains.

func (*IPTables) Insert 

func (iptables *IPTables) Insert(opts ...OptionCommandInsert) error

0 means ignoring

func (*IPTables) ListChains 

func (iptables *IPTables) ListChains() ([]*Chain, error)

ListChains can't be chained with matched, options and targets.

func (*IPTables) ListRules 

func (iptables *IPTables) ListRules() ([]*Rule, error)

ListRules can't be chained with matched, options and targets.

func (*IPTables) MatchAH 

func (iptables *IPTables) MatchAH(opts ...OptionMatchAH) *IPTables

func (*IPTables) MatchAddrType 

func (iptables *IPTables) MatchAddrType(opts ...OptionMatchAddrType) *IPTables

func (*IPTables) MatchBPF 

func (iptables *IPTables) MatchBPF(opts ...OptionMatchBPF) *IPTables

func (*IPTables) MatchCGroup 

func (iptables *IPTables) MatchCGroup(opts ...OptionMatchCGroup) *IPTables

func (*IPTables) MatchCPU 

func (iptables *IPTables) MatchCPU(invert bool, cpu int) *IPTables

func (*IPTables) MatchCluster 

func (iptables *IPTables) MatchCluster(opts ...OptionMatchCluster) *IPTables

func (*IPTables) MatchComment 

func (iptables *IPTables) MatchComment(comment string) *IPTables

func (*IPTables) MatchConnBytes 

func (iptables *IPTables) MatchConnBytes(opts ...OptionMatchConnBytes) *IPTables

func (*IPTables) MatchConnLabel 

func (iptables *IPTables) MatchConnLabel(opts ...OptionMatchConnLabel) *IPTables

func (*IPTables) MatchConnLimit 

func (iptables *IPTables) MatchConnLimit(opts ...OptionMatchConnLimit) *IPTables

func (*IPTables) MatchConnMark 

func (iptables *IPTables) MatchConnMark(invert bool, value ...int) *IPTables

func (*IPTables) MatchConnTrack 

func (iptables *IPTables) MatchConnTrack(opts ...OptionMatchConnTrack) *IPTables

func (*IPTables) MatchDCCP 

func (iptables *IPTables) MatchDCCP(opts ...OptionMatchDCCP) *IPTables

func (*IPTables) MatchDSCP 

func (iptables *IPTables) MatchDSCP(opts ...OptionMatchDSCP) *IPTables

func (*IPTables) MatchDestination 

func (iptables *IPTables) MatchDestination(invert bool, address interface{}) *IPTables

address takes: 1. string for hostname or network or ip 2. *net.IPNet 3. net.IP

func (*IPTables) MatchDevGroup 

func (iptables *IPTables) MatchDevGroup(opts ...OptionMatchDevGroup) *IPTables

func (*IPTables) MatchDst 

func (iptables *IPTables) MatchDst(opts ...OptionMatchDst) *IPTables

func (*IPTables) MatchECN 

func (iptables *IPTables) MatchECN(opts ...OptionMatchECN) *IPTables

func (*IPTables) MatchESP 

func (iptables *IPTables) MatchESP(invert bool, spi ...int) *IPTables

func (*IPTables) MatchEUI64 

func (iptables *IPTables) MatchEUI64() *IPTables

func (*IPTables) MatchFrag 

func (iptables *IPTables) MatchFrag(opts ...OptionMatchFrag) *IPTables

func (*IPTables) MatchHBH 

func (iptables *IPTables) MatchHBH(opts ...OptionMatchHBH) *IPTables

func (*IPTables) MatchHL 

func (iptables *IPTables) MatchHL(operator xtables.Operator, value int) *IPTables

func (*IPTables) MatchHelper 

func (iptables *IPTables) MatchHelper(helper string) *IPTables

func (*IPTables) MatchICMP 

func (iptables *IPTables) MatchICMP(invert bool, typ network.ICMPType,
	opts ...OptionMatchICMP) *IPTables

func (*IPTables) MatchIPRange 

func (iptables *IPTables) MatchIPRange(opts ...OptionMatchIPRange) *IPTables

func (*IPTables) MatchIPVS 

func (iptables *IPTables) MatchIPVS(opts ...OptionMatchIPVS) *IPTables

func (*IPTables) MatchIPv4 

func (iptables *IPTables) MatchIPv4() *IPTables

matches

func (*IPTables) MatchIPv6 

func (iptables *IPTables) MatchIPv6() *IPTables

func (*IPTables) MatchIPv6Header 

func (iptables *IPTables) MatchIPv6Header(opts ...OptionMatchIPv6Header) *IPTables

func (*IPTables) MatchInInterface 

func (iptables *IPTables) MatchInInterface(invert bool, iface string) *IPTables

func (*IPTables) MatchLength 

func (iptables *IPTables) MatchLength(invert bool, length ...int) *IPTables

func (*IPTables) MatchLimit 

func (iptables *IPTables) MatchLimit(opts ...OptionMatchLimit) *IPTables

func (*IPTables) MatchMAC 

func (iptables *IPTables) MatchMAC(invert bool, mac net.HardwareAddr) *IPTables

func (*IPTables) MatchMH 

func (iptables *IPTables) MatchMH(invert bool, typ ...MHType) *IPTables

func (*IPTables) MatchMark 

func (iptables *IPTables) MatchMark(invert bool, value ...int) *IPTables

func (*IPTables) MatchMultiPort 

func (iptables *IPTables) MatchMultiPort(opts ...OptionMatchMultiPort) *IPTables

func (*IPTables) MatchNFAcct 

func (iptables *IPTables) MatchNFAcct(name string) *IPTables

func (*IPTables) MatchOSF 

func (iptables *IPTables) MatchOSF(opts ...OptionMatchOSF) *IPTables

func (*IPTables) MatchOutInterface 

func (iptables *IPTables) MatchOutInterface(invert bool, iface string) *IPTables

func (*IPTables) MatchOwner 

func (iptables *IPTables) MatchOwner(opts ...OptionMatchOwner) *IPTables

func (*IPTables) MatchPhysDev 

func (iptables *IPTables) MatchPhysDev(opts ...OptionMatchPhysDev) *IPTables

func (*IPTables) MatchPktType 

func (iptables *IPTables) MatchPktType(invert bool, pktType PktType) *IPTables

func (*IPTables) MatchPolicy 

func (iptables *IPTables) MatchPolicy(opts ...OptionMatchPolicy) *IPTables

func (*IPTables) MatchProtocol 

func (iptables *IPTables) MatchProtocol(invert bool, protocol network.Protocol) *IPTables

func (*IPTables) MatchQuota 

func (iptables *IPTables) MatchQuota(invert bool, quota int64) *IPTables

func (*IPTables) MatchRPFilter 

func (iptables *IPTables) MatchRPFilter(opts ...OptionMatchRPFilter) *IPTables

func (*IPTables) MatchRT 

func (iptables *IPTables) MatchRT(opts ...OptionMatchRT) *IPTables

func (*IPTables) MatchRateEst 

func (iptables *IPTables) MatchRateEst(opts ...OptionMatchRateEst) *IPTables

func (*IPTables) MatchRealm 

func (iptables *IPTables) MatchRealm(invert bool, value ...int) *IPTables

func (*IPTables) MatchRecent 

func (iptables *IPTables) MatchRecent(opts ...OptionMatchRecent) *IPTables

func (*IPTables) MatchSCTP 

func (iptables *IPTables) MatchSCTP(opts ...OptionMatchSCTP) *IPTables

func (*IPTables) MatchSet 

func (iptables *IPTables) MatchSet(opts ...OptionMatchSet) *IPTables

func (*IPTables) MatchSocket 

func (iptables *IPTables) MatchSocket(opts ...OptionMatchSocket) *IPTables

func (*IPTables) MatchSource 

func (iptables *IPTables) MatchSource(invert bool, address interface{}) *IPTables

address takes: 1. string for hostname, network or ip 2. *net.IPNet 3. net.IP

func (*IPTables) MatchState 

func (iptables *IPTables) MatchState(state ConnTrackState) *IPTables

func (*IPTables) MatchStatistic 

func (iptables *IPTables) MatchStatistic(opts ...OptionMatchStatistic) *IPTables

func (*IPTables) MatchString 

func (iptables *IPTables) MatchString(opts ...OptionMatchString) *IPTables

func (*IPTables) MatchTCP 

func (iptables *IPTables) MatchTCP(opts ...OptionMatchTCP) *IPTables

func (*IPTables) MatchTCPMSS 

func (iptables *IPTables) MatchTCPMSS(invert bool, mss ...int) *IPTables

func (*IPTables) MatchTOS 

func (iptables *IPTables) MatchTOS(invert bool, tos ...network.TOS) *IPTables

func (*IPTables) MatchTTL 

func (iptables *IPTables) MatchTTL(opts ...OptionMatchTTL) *IPTables

func (*IPTables) MatchTime 

func (iptables *IPTables) MatchTime(opts ...OptionMatchTime) *IPTables

func (*IPTables) MatchU32 

func (iptables *IPTables) MatchU32(invert bool, tests string) *IPTables

func (*IPTables) MatchUDP 

func (iptables *IPTables) MatchUDP(opts ...OptionMatchUDP) *IPTables

func (*IPTables) NewChain 

func (iptables *IPTables) NewChain(newName string) error

func (*IPTables) OptionExact 

func (iptables *IPTables) OptionExact() *IPTables

func (*IPTables) OptionFragment 

func (iptables *IPTables) OptionFragment(invert bool) *IPTables

iptables options

func (*IPTables) OptionLineNumbers 

func (iptables *IPTables) OptionLineNumbers() *IPTables

func (*IPTables) OptionModprobe 

func (iptables *IPTables) OptionModprobe(command string) *IPTables

func (*IPTables) OptionSetCounters 

func (iptables *IPTables) OptionSetCounters(packets, bytes uint64) *IPTables

func (*IPTables) OptionVerbose 

func (iptables *IPTables) OptionVerbose() *IPTables

func (*IPTables) OptionWait 

func (iptables *IPTables) OptionWait(seconds uint32) *IPTables

0 means indefinitely

func (*IPTables) OptionWaitInterval 

func (iptables *IPTables) OptionWaitInterval(microseconds uint64) *IPTables

func (*IPTables) Policy 

func (iptables *IPTables) Policy(target TargetType) error

If no table specified, the delete-chain will be applied to all tables If no chain specified, the policy will be applied to all build-in chains.

func (*IPTables) RenameChain 

func (iptables *IPTables) RenameChain(newChain string) error

func (*IPTables) Replace 

func (iptables *IPTables) Replace(rulenum int) error

rulenum is required

func (*IPTables) Table 

func (iptables *IPTables) Table(table TableType) *IPTables

func (*IPTables) TargetAccept 

func (iptables *IPTables) TargetAccept() *IPTables

targets

func (*IPTables) TargetAudit 

func (iptables *IPTables) TargetAudit(typ AuditType) *IPTables

func (*IPTables) TargetCT 

func (iptables *IPTables) TargetCT(opts ...OptionTargetCT) *IPTables

func (*IPTables) TargetCheckSum 

func (iptables *IPTables) TargetCheckSum() *IPTables

func (*IPTables) TargetClassify 

func (iptables *IPTables) TargetClassify(major, minor int) *IPTables

func (*IPTables) TargetClusterIP 

func (iptables *IPTables) TargetClusterIP(opts ...OptionTargetClusterIP) *IPTables

func (*IPTables) TargetConnMark 

func (iptables *IPTables) TargetConnMark(opts ...OptionTargetConnMark) *IPTables

func (*IPTables) TargetConnSecMark 

func (iptables *IPTables) TargetConnSecMark(mode TargetConnSecMarkMode) *IPTables

func (*IPTables) TargetDNAT 

func (iptables *IPTables) TargetDNAT(opts ...OptionTargetDNAT) *IPTables

func (*IPTables) TargetDNPT 

func (iptables *IPTables) TargetDNPT(opts ...OptionTargetDNPT) *IPTables

func (*IPTables) TargetDSCP 

func (iptables *IPTables) TargetDSCP(opts ...OptionTargetDSCP) *IPTables

func (*IPTables) TargetDrop 

func (iptables *IPTables) TargetDrop() *IPTables

func (*IPTables) TargetECN 

func (iptables *IPTables) TargetECN(opts ...OptionTargetECN) *IPTables

func (*IPTables) TargetGotoChain 

func (iptables *IPTables) TargetGotoChain(chain string) *IPTables

func (*IPTables) TargetHL 

func (iptables *IPTables) TargetHL(opts ...OptionTargetHL) *IPTables

func (*IPTables) TargetHMark 

func (iptables *IPTables) TargetHMark(opts ...OptionTargetHMark) *IPTables

func (*IPTables) TargetIdleTimer 

func (iptables *IPTables) TargetIdleTimer(opts ...OptionTargetIdleTimer) *IPTables

func (*IPTables) TargetJumpChain 

func (iptables *IPTables) TargetJumpChain(chain string) *IPTables

func (*IPTables) TargetLED 

func (iptables *IPTables) TargetLED(opts ...OptionTargetLED) *IPTables

func (*IPTables) TargetLog 

func (iptables *IPTables) TargetLog(opts ...OptionTargetLog) *IPTables

func (*IPTables) TargetMark 

func (iptables *IPTables) TargetMark(opts ...OptionTargetMark) *IPTables

func (*IPTables) TargetMasquerade 

func (iptables *IPTables) TargetMasquerade(opts ...OptionTargetMasquerade) *IPTables

func (*IPTables) TargetNFLog 

func (iptables *IPTables) TargetNFLog(opts ...OptionTargetNFLog) *IPTables

func (*IPTables) TargetNFQueue 

func (iptables *IPTables) TargetNFQueue(opts ...OptionTargetNFQueue) *IPTables

func (*IPTables) TargetNetmap 

func (iptables *IPTables) TargetNetmap(opts ...OptionTargetNetmap) *IPTables

func (*IPTables) TargetRateEst 

func (iptables *IPTables) TargetRateEst(opts ...OptionTargetRateEst) *IPTables

func (*IPTables) TargetRedirect 

func (iptables *IPTables) TargetRedirect(opts ...OptionTargetRedirect) *IPTables

func (*IPTables) TargetReject 

func (iptables *IPTables) TargetReject(opts ...OptionTargetReject) *IPTables

func (*IPTables) TargetReturn 

func (iptables *IPTables) TargetReturn() *IPTables

func (*IPTables) TargetSNAT 

func (iptables *IPTables) TargetSNAT(opts ...OptionTargetSNAT) *IPTables

func (*IPTables) TargetSNPT 

func (iptables *IPTables) TargetSNPT(opts ...OptionTargetSNPT) *IPTables

func (*IPTables) TargetSame 

func (iptables *IPTables) TargetSame(opts ...OptionTargetSame) *IPTables

func (*IPTables) TargetSecMark 

func (iptables *IPTables) TargetSecMark(opts ...OptionTargetSecMark) *IPTables

func (*IPTables) TargetSet 

func (iptables *IPTables) TargetSet(opts ...OptionTargetSet) *IPTables

func (*IPTables) TargetSynProxy 

func (iptables *IPTables) TargetSynProxy(opts ...OptionTargetSYNProxy) *IPTables

func (*IPTables) TargetTCPMSS 

func (iptables *IPTables) TargetTCPMSS(opts ...OptionTargetTCPMSS) *IPTables

func (*IPTables) TargetTCPOptStrip 

func (iptables *IPTables) TargetTCPOptStrip(opts ...OptionTargetTCPOptStrip) *IPTables

func (*IPTables) TargetTEE 

func (iptables *IPTables) TargetTEE(gateway net.IP) *IPTables

func (*IPTables) TargetTOS 

func (iptables *IPTables) TargetTOS(opts ...OptionTargetTOS) *IPTables

func (*IPTables) TargetTProxy 

func (iptables *IPTables) TargetTProxy(opts ...OptionTargetTProxy) *IPTables

func (*IPTables) TargetTTL 

func (iptables *IPTables) TargetTTL(opts ...OptionTargetTTL) *IPTables

func (*IPTables) TargetTrace 

func (iptables *IPTables) TargetTrace() *IPTables

func (*IPTables) TargetULog 

func (iptables *IPTables) TargetULog(opts ...OptionTargetULog) *IPTables

func (*IPTables) UserDefinedChain 

func (iptables *IPTables) UserDefinedChain(chain string) *IPTables

func (*IPTables) Zero 

func (iptables *IPTables) Zero(opts ...OptionCommandZero) error

0 means ignoring

type IPTablesOption 

type IPTablesOption func(*IPTables)

func OptionIPTablesCmdPath 

func OptionIPTablesCmdPath(path string) IPTablesOption

like "/usr/sbin/iptables"

func OptionIPTablesLogger 

func OptionIPTablesLogger(logger log.Logger) IPTablesOption

type IPVSMethod 

type IPVSMethod int

func (IPVSMethod) String 

func (ipvsMethod IPVSMethod) String() string

type Insert 

type Insert struct {
	// contains filtered or unexported fields
}

func (*Insert) Long 

func (cmd *Insert) Long() string

func (*Insert) LongArgs 

func (cmd *Insert) LongArgs() []string

func (Insert) SetChainType 

func (bc Insert) SetChainType(chain ChainType)

func (*Insert) Short 

func (cmd *Insert) Short() string

func (*Insert) ShortArgs 

func (cmd *Insert) ShortArgs() []string

func (Insert) Type 

func (bc Insert) Type() CommandType

type LOGFlag 

type LOGFlag uint32
const (
	LOGFlagTCPSEQ    LOGFlag = 0x01
	LOGFlagTCPOPT    LOGFlag = 0x02
	LOGFlagIPOPT     LOGFlag = 0x04
	LOGFlagUID       LOGFlag = 0x08
	LOGFlagNFLOG     LOGFlag = 0x10
	LOGFlagMACDECODE LOGFlag = 0x20
	LOGFlagMASK      LOGFlag = 0x2f
)

type LOGLevel 

type LOGLevel int8
const (
	LOGLevelEMERG   LOGLevel = 0 /* system is unusable */
	LOGLevelALERT   LOGLevel = 1 /* action must be taken immediately */
	LOGLevelCRIT    LOGLevel = 2 /* critical conditions */
	LOGLevelERR     LOGLevel = 3 /* error conditions */
	LOGLevelWARNING LOGLevel = 4 /* warning conditions */
	LOGLevelNOTICE  LOGLevel = 5 /* normal but significant condition */
	LOGLevelINFO    LOGLevel = 6 /* informational */
	LOGLevelDEBUG   LOGLevel = 7 /* debug-level messages */
)

type List 

type List struct {
	// contains filtered or unexported fields
}

func (*List) Long 

func (cmd *List) Long() string

func (*List) LongArgs 

func (cmd *List) LongArgs() []string

func (List) SetChainType 

func (bc List) SetChainType(chain ChainType)

func (*List) Short 

func (cmd *List) Short() string

func (*List) ShortArgs 

func (cmd *List) ShortArgs() []string

func (List) Type 

func (bc List) Type() CommandType

type ListChains 

type ListChains struct {
	*List
}

func (ListChains) SetChainType 

func (bc ListChains) SetChainType(chain ChainType)

func (ListChains) Type 

func (bc ListChains) Type() CommandType

type ListRules 

type ListRules struct {
	*List
}

func (ListRules) SetChainType 

func (bc ListRules) SetChainType(chain ChainType)

func (ListRules) Type 

func (bc ListRules) Type() CommandType

type MHType 

type MHType int
const (
	BindingRefreshRequest  MHType = 0
	BRR                    MHType = 0
	HomeTestInit           MHType = 1
	HOTI                   MHType = 1
	CareofTestInit         MHType = 2
	COTI                   MHType = 2
	HomeTest               MHType = 3
	HOT                    MHType = 3
	CareofTest             MHType = 4
	COT                    MHType = 4
	BindingUpdate          MHType = 5
	BU                     MHType = 5
	BindingAcknowledgement MHType = 6
	BA                     MHType = 6
	BindingError           MHType = 7
	BE                     MHType = 7
)

func (MHType) String 

func (mhType MHType) String() string

type Match 

type Match interface {
	Type() MatchType
	Short() string
	ShortArgs() []string
	Long() string
	LongArgs() []string
	Parse([]byte) (int, bool)
	Depends() []MatchType
	Equal(Match) bool
}

type MatchAH 

type MatchAH struct {

	// spi
	SPIMin int
	SPIMax int
	// spi length
	Length int
	// reversed
	Reserved bool
	// invert
	SPIInvert    bool
	LengthInvert bool
	// contains filtered or unexported fields
}

Both ipv4 and ipv6 Non-numeric unsupported

func (MatchAH) AddrType 

func (bm MatchAH) AddrType() network.AddressType

func (MatchAH) Depends 

func (bm MatchAH) Depends() []MatchType

func (MatchAH) Equal 

func (bm MatchAH) Equal(mth Match) bool

func (*MatchAH) Long 

func (mAH *MatchAH) Long() string

func (*MatchAH) LongArgs 

func (mAH *MatchAH) LongArgs() []string

func (*MatchAH) Parse 

func (mAH *MatchAH) Parse(main []byte) (int, bool)

func (*MatchAH) Short 

func (mAH *MatchAH) Short() string

func (*MatchAH) ShortArgs 

func (mAH *MatchAH) ShortArgs() []string

func (MatchAH) Type 

func (bm MatchAH) Type() MatchType

type MatchAddrType 

type MatchAddrType struct {

	// src type
	SrcTypeInvert bool
	SrcType       AddrType
	HasSrcType    bool
	// dst type
	DstTypeInvert bool
	DstType       AddrType
	HasDstType    bool
	// limit face in
	LimitIfaceIn bool
	// limit face out
	LimitIfaceOut bool
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchAddrType) AddrType 

func (bm MatchAddrType) AddrType() network.AddressType

func (MatchAddrType) Depends 

func (bm MatchAddrType) Depends() []MatchType

func (MatchAddrType) Equal 

func (bm MatchAddrType) Equal(mth Match) bool

func (*MatchAddrType) Long 

func (mAddrType *MatchAddrType) Long() string

func (*MatchAddrType) LongArgs 

func (mAddrType *MatchAddrType) LongArgs() []string

func (*MatchAddrType) Parse 

func (mAddrType *MatchAddrType) Parse(main []byte) (int, bool)

func (*MatchAddrType) Short 

func (mAddrType *MatchAddrType) Short() string

func (*MatchAddrType) ShortArgs 

func (mAddrType *MatchAddrType) ShortArgs() []string

func (MatchAddrType) Type 

func (bm MatchAddrType) Type() MatchType

type MatchBPF 

type MatchBPF struct {
	BPF    []BPFSockFilter
	BPFRaw string
	Path   string
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchBPF) AddrType 

func (bm MatchBPF) AddrType() network.AddressType

func (MatchBPF) Depends 

func (bm MatchBPF) Depends() []MatchType

func (MatchBPF) Equal 

func (bm MatchBPF) Equal(mth Match) bool

func (*MatchBPF) Long 

func (mBPF *MatchBPF) Long() string

func (*MatchBPF) LongArgs 

func (mBPF *MatchBPF) LongArgs() []string

func (*MatchBPF) Parse 

func (mBPF *MatchBPF) Parse(main []byte) (int, bool)

func (*MatchBPF) Short 

func (mBPF *MatchBPF) Short() string

func (*MatchBPF) ShortArgs 

func (mBPF *MatchBPF) ShortArgs() []string

func (MatchBPF) Type 

func (bm MatchBPF) Type() MatchType

type MatchCGroup 

type MatchCGroup struct {
	Path    string
	ClassID int
	// invert
	PathInvert    bool
	ClassIDInvert bool
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchCGroup) AddrType 

func (bm MatchCGroup) AddrType() network.AddressType

func (MatchCGroup) Depends 

func (bm MatchCGroup) Depends() []MatchType

func (MatchCGroup) Equal 

func (bm MatchCGroup) Equal(mth Match) bool

func (*MatchCGroup) Long 

func (mCG *MatchCGroup) Long() string

func (*MatchCGroup) LongArgs 

func (mCG *MatchCGroup) LongArgs() []string

func (*MatchCGroup) Parse 

func (mCG *MatchCGroup) Parse(main []byte) (int, bool)

func (*MatchCGroup) Short 

func (mCG *MatchCGroup) Short() string

func (*MatchCGroup) ShortArgs 

func (mCG *MatchCGroup) ShortArgs() []string

func (MatchCGroup) Type 

func (bm MatchCGroup) Type() MatchType

type MatchCPU 

type MatchCPU struct {
	CPU int
	// contains filtered or unexported fields
}

Non-numeric unsupport

func (MatchCPU) AddrType 

func (bm MatchCPU) AddrType() network.AddressType

func (MatchCPU) Depends 

func (bm MatchCPU) Depends() []MatchType

func (MatchCPU) Equal 

func (bm MatchCPU) Equal(mth Match) bool

func (*MatchCPU) Long 

func (mCPU *MatchCPU) Long() string

func (*MatchCPU) LongArgs 

func (mCPU *MatchCPU) LongArgs() []string

func (*MatchCPU) Parse 

func (mCPU *MatchCPU) Parse(main []byte) (int, bool)

func (*MatchCPU) Short 

func (mCPU *MatchCPU) Short() string

func (*MatchCPU) ShortArgs 

func (mCPU *MatchCPU) ShortArgs() []string

func (MatchCPU) Type 

func (bm MatchCPU) Type() MatchType

type MatchCluster 

type MatchCluster struct {
	TotalNodes    int
	LocalNodeMask int64
	HashSeed      int64
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchCluster) AddrType 

func (bm MatchCluster) AddrType() network.AddressType

func (MatchCluster) Depends 

func (bm MatchCluster) Depends() []MatchType

func (MatchCluster) Equal 

func (bm MatchCluster) Equal(mth Match) bool

func (*MatchCluster) Long 

func (mCluster *MatchCluster) Long() string

func (*MatchCluster) LongArgs 

func (mCluster *MatchCluster) LongArgs() []string

func (*MatchCluster) Parse 

func (mCluster *MatchCluster) Parse(main []byte) (int, bool)

func (*MatchCluster) Short 

func (mCluster *MatchCluster) Short() string

func (*MatchCluster) ShortArgs 

func (mCluster *MatchCluster) ShortArgs() []string

func (MatchCluster) Type 

func (bm MatchCluster) Type() MatchType

type MatchComment 

type MatchComment struct {
	Comment string
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchComment) AddrType 

func (bm MatchComment) AddrType() network.AddressType

func (MatchComment) Depends 

func (bm MatchComment) Depends() []MatchType

func (MatchComment) Equal 

func (bm MatchComment) Equal(mth Match) bool

func (MatchComment) Long 

func (bm MatchComment) Long() string

func (MatchComment) LongArgs 

func (bm MatchComment) LongArgs() []string

func (*MatchComment) Parse 

func (mComment *MatchComment) Parse(main []byte) (int, bool)

func (*MatchComment) Short 

func (mComment *MatchComment) Short() string

func (*MatchComment) ShortArgs 

func (mComment *MatchComment) ShortArgs() []string

func (MatchComment) Type 

func (bm MatchComment) Type() MatchType

type MatchConnBytes 

type MatchConnBytes struct {
	From      int64
	To        int64
	Mode      ConnBytesMode
	Direction ConnTrackDir
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchConnBytes) AddrType 

func (bm MatchConnBytes) AddrType() network.AddressType

func (MatchConnBytes) Depends 

func (bm MatchConnBytes) Depends() []MatchType

func (MatchConnBytes) Equal 

func (bm MatchConnBytes) Equal(mth Match) bool

func (*MatchConnBytes) Long 

func (mConnBytes *MatchConnBytes) Long() string

func (*MatchConnBytes) LongArgs 

func (mConnBytes *MatchConnBytes) LongArgs() []string

func (*MatchConnBytes) Parse 

func (mConnBytes *MatchConnBytes) Parse(main []byte) (int, bool)

func (*MatchConnBytes) Short 

func (mConnBytes *MatchConnBytes) Short() string

func (*MatchConnBytes) ShortArgs 

func (mConnBytes *MatchConnBytes) ShortArgs() []string

func (MatchConnBytes) Type 

func (bm MatchConnBytes) Type() MatchType

type MatchConnLabel 

type MatchConnLabel struct {
	Label     int
	LabelName string
	Set       bool
	// contains filtered or unexported fields
}

Numeric unsupported

func (MatchConnLabel) AddrType 

func (bm MatchConnLabel) AddrType() network.AddressType

func (MatchConnLabel) Depends 

func (bm MatchConnLabel) Depends() []MatchType

func (MatchConnLabel) Equal 

func (bm MatchConnLabel) Equal(mth Match) bool

func (*MatchConnLabel) Long 

func (mConnLabel *MatchConnLabel) Long() string

func (*MatchConnLabel) LongArgs 

func (mConnLabel *MatchConnLabel) LongArgs() []string

func (*MatchConnLabel) Parse 

func (mConnLabel *MatchConnLabel) Parse(main []byte) (int, bool)

func (*MatchConnLabel) Short 

func (mConnLabel *MatchConnLabel) Short() string

func (*MatchConnLabel) ShortArgs 

func (mConnLabel *MatchConnLabel) ShortArgs() []string

func (MatchConnLabel) Type 

func (bm MatchConnLabel) Type() MatchType

type MatchConnLimit 

type MatchConnLimit struct {
	Upto  int
	Above int
	Mask  int
	Src   bool
	Dst   bool
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchConnLimit) AddrType 

func (bm MatchConnLimit) AddrType() network.AddressType

func (MatchConnLimit) Depends 

func (bm MatchConnLimit) Depends() []MatchType

func (MatchConnLimit) Equal 

func (bm MatchConnLimit) Equal(mth Match) bool

func (*MatchConnLimit) Long 

func (mConnLimit *MatchConnLimit) Long() string

func (*MatchConnLimit) LongArgs 

func (mConnLimit *MatchConnLimit) LongArgs() []string

func (*MatchConnLimit) Parse 

func (mConnLimit *MatchConnLimit) Parse(main []byte) (int, bool)

func (*MatchConnLimit) Short 

func (mConnLimit *MatchConnLimit) Short() string

func (*MatchConnLimit) ShortArgs 

func (mConnLimit *MatchConnLimit) ShortArgs() []string

func (MatchConnLimit) Type 

func (bm MatchConnLimit) Type() MatchType

type MatchConnMark 

type MatchConnMark struct {
	Value int
	Mask  int
	// contains filtered or unexported fields
}

Non-numeric unsupported

func (MatchConnMark) AddrType 

func (bm MatchConnMark) AddrType() network.AddressType

func (MatchConnMark) Depends 

func (bm MatchConnMark) Depends() []MatchType

func (MatchConnMark) Equal 

func (bm MatchConnMark) Equal(mth Match) bool

func (*MatchConnMark) Long 

func (mConnMark *MatchConnMark) Long() string

func (*MatchConnMark) LongArgs 

func (mConnMark *MatchConnMark) LongArgs() []string

func (*MatchConnMark) Parse 

func (mConnMark *MatchConnMark) Parse(main []byte) (int, bool)

func (*MatchConnMark) Short 

func (mConnMark *MatchConnMark) Short() string

func (*MatchConnMark) ShortArgs 

func (mConnMark *MatchConnMark) ShortArgs() []string

func (MatchConnMark) Type 

func (bm MatchConnMark) Type() MatchType

type MatchConnTrack 

type MatchConnTrack struct {
	State          ConnTrackState
	Status         ConnTrackStatus
	Direction      ConnTrackDir
	Proto          network.Protocol
	OrigSrc        network.Address
	OrigDst        network.Address
	ReplSrc        network.Address
	ReplDst        network.Address
	OrigSrcPortMin int
	OrigSrcPortMax int
	OrigDstPortMin int
	OrigDstPortMax int
	ReplSrcPortMin int
	ReplSrcPortMax int
	ReplDstPortMin int
	ReplDstPortMax int
	ExpireMin      int
	ExpireMax      int
	// invert
	StateInvert       bool
	StatusInvert      bool
	ProtoInvert       bool
	OrigSrcInvert     bool
	OrigDstInvert     bool
	ReplSrcInvert     bool
	ReplDstInvert     bool
	OrigSrcPortInvert bool
	OrigDstPortInvert bool
	ReplSrcPortInvert bool
	ReplDstPortInvert bool
	ExpireInvert      bool
	// unused
	DirectionInvert bool
	// contains filtered or unexported fields
}

Non-numeric supported

func (MatchConnTrack) AddrType 

func (bm MatchConnTrack) AddrType() network.AddressType

func (MatchConnTrack) Depends 

func (bm MatchConnTrack) Depends() []MatchType

func (MatchConnTrack) Equal 

func (bm MatchConnTrack) Equal(mth Match) bool

func (*MatchConnTrack) Long 

func (mConnTrack *MatchConnTrack) Long() string

func (*MatchConnTrack) LongArgs 

func (mConnTrack *MatchConnTrack) LongArgs() []string

func (*MatchConnTrack) Parse 

func (mConnTrack *MatchConnTrack) Parse(main []byte) (int, bool)

func (*MatchConnTrack) Short 

func (mConnTrack *MatchConnTrack) Short() string

func (*MatchConnTrack) ShortArgs 

func (mConnTrack *MatchConnTrack) ShortArgs() []string

func (MatchConnTrack) Type 

func (bm MatchConnTrack) Type() MatchType

type MatchDCCP 

type MatchDCCP struct {
	SrcPortMin int
	SrcPortMax int
	DstPortMin int
	DstPortMax int
	DCCPType   DCCPType
	Option     int
	// invert
	SrcPortInvert bool
	DstPortInvert bool
	TypeInvert    bool
	OptionInvert  bool
	// contains filtered or unexported fields
}

Non-numeric support

func (MatchDCCP) AddrType 

func (bm MatchDCCP) AddrType() network.AddressType

func (MatchDCCP) Depends 

func (bm MatchDCCP) Depends() []MatchType

func (MatchDCCP) Equal 

func (bm MatchDCCP) Equal(mth Match) bool

func (*MatchDCCP) Long 

func (mDCCP *MatchDCCP) Long() string

func (*MatchDCCP) LongArgs 

func (mDCCP *MatchDCCP) LongArgs() []string

func (*MatchDCCP) Parse 

func (mDCCP *MatchDCCP) Parse(main []byte) (int, bool)

the service name may match patten '[0-9a-z/.*_+-]+'

func (*MatchDCCP) Short 

func (mDCCP *MatchDCCP) Short() string

func (*MatchDCCP) ShortArgs 

func (mDCCP *MatchDCCP) ShortArgs() []string

func (MatchDCCP) Type 

func (bm MatchDCCP) Type() MatchType

type MatchDSCP 

type MatchDSCP struct {
	Value int
	// contains filtered or unexported fields
}

func (MatchDSCP) AddrType 

func (bm MatchDSCP) AddrType() network.AddressType

func (MatchDSCP) Depends 

func (bm MatchDSCP) Depends() []MatchType

func (MatchDSCP) Equal 

func (bm MatchDSCP) Equal(mth Match) bool

func (*MatchDSCP) Long 

func (mDSCP *MatchDSCP) Long() string

func (*MatchDSCP) LongArgs 

func (mDSCP *MatchDSCP) LongArgs() []string

func (*MatchDSCP) Parse 

func (mDSCP *MatchDSCP) Parse(main []byte) (int, bool)

func (*MatchDSCP) Short 

func (mDSCP *MatchDSCP) Short() string

func (*MatchDSCP) ShortArgs 

func (mDSCP *MatchDSCP) ShortArgs() []string

func (MatchDSCP) Type 

func (bm MatchDSCP) Type() MatchType

type MatchDestination 

type MatchDestination struct {
	// contains filtered or unexported fields
}

func (MatchDestination) AddrType 

func (bm MatchDestination) AddrType() network.AddressType

func (MatchDestination) Depends 

func (bm MatchDestination) Depends() []MatchType

func (MatchDestination) Equal 

func (bm MatchDestination) Equal(mth Match) bool

func (*MatchDestination) Long 

func (mDst *MatchDestination) Long() string

func (*MatchDestination) LongArgs 

func (mDst *MatchDestination) LongArgs() []string

func (MatchDestination) Parse 

func (bm MatchDestination) Parse(params []byte) (int, bool)

func (*MatchDestination) Short 

func (mDst *MatchDestination) Short() string

func (*MatchDestination) ShortArgs 

func (mDst *MatchDestination) ShortArgs() []string

func (MatchDestination) Type 

func (bm MatchDestination) Type() MatchType

type MatchDevGroup 

type MatchDevGroup struct {
	SrcGroup int64
	DstGroup int64
	// invert
	SrcGroupInvert bool
	DstGroupInvert bool
	// contains filtered or unexported fields
}

func (MatchDevGroup) AddrType 

func (bm MatchDevGroup) AddrType() network.AddressType

func (MatchDevGroup) Depends 

func (bm MatchDevGroup) Depends() []MatchType

func (MatchDevGroup) Equal 

func (bm MatchDevGroup) Equal(mth Match) bool

func (*MatchDevGroup) Long 

func (mDevGroup *MatchDevGroup) Long() string

func (*MatchDevGroup) LongArgs 

func (mDevGroup *MatchDevGroup) LongArgs() []string

func (*MatchDevGroup) Parse 

func (mDevGroup *MatchDevGroup) Parse(main []byte) (int, bool)

func (*MatchDevGroup) Short 

func (mDevGroup *MatchDevGroup) Short() string

func (*MatchDevGroup) ShortArgs 

func (mDevGroup *MatchDevGroup) ShortArgs() []string

func (MatchDevGroup) Type 

func (bm MatchDevGroup) Type() MatchType

type MatchDst 

type MatchDst struct {
	Length  int
	Options []network.IPv6Option
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric unsupport

func (MatchDst) AddrType 

func (bm MatchDst) AddrType() network.AddressType

func (MatchDst) Depends 

func (bm MatchDst) Depends() []MatchType

func (MatchDst) Equal 

func (bm MatchDst) Equal(mth Match) bool

func (*MatchDst) Long 

func (mDst *MatchDst) Long() string

func (*MatchDst) LongArgs 

func (mDst *MatchDst) LongArgs() []string

func (*MatchDst) Parse 

func (mDst *MatchDst) Parse(main []byte) (int, bool)

func (*MatchDst) Short 

func (mDst *MatchDst) Short() string

func (*MatchDst) ShortArgs 

func (mDst *MatchDst) ShortArgs() []string

func (MatchDst) Type 

func (bm MatchDst) Type() MatchType

type MatchECN 

type MatchECN struct {
	ECE       bool
	CWR       bool
	ECT       int
	ECEInvert bool
	CWRInvert bool
	ECTInvert bool
	// contains filtered or unexported fields
}

func (MatchECN) AddrType 

func (bm MatchECN) AddrType() network.AddressType

func (MatchECN) Depends 

func (bm MatchECN) Depends() []MatchType

func (MatchECN) Equal 

func (bm MatchECN) Equal(mth Match) bool

func (*MatchECN) Long 

func (mECN *MatchECN) Long() string

func (*MatchECN) LongArgs 

func (mECN *MatchECN) LongArgs() []string

func (*MatchECN) Parse 

func (mECN *MatchECN) Parse(main []byte) (int, bool)

func (*MatchECN) Short 

func (mECN *MatchECN) Short() string

func (*MatchECN) ShortArgs 

func (mECN *MatchECN) ShortArgs() []string

func (MatchECN) Type 

func (bm MatchECN) Type() MatchType

type MatchESP 

type MatchESP struct {
	SPIMin int
	SPIMax int
	// contains filtered or unexported fields
}

func (MatchESP) AddrType 

func (bm MatchESP) AddrType() network.AddressType

func (MatchESP) Depends 

func (bm MatchESP) Depends() []MatchType

func (MatchESP) Equal 

func (bm MatchESP) Equal(mth Match) bool

func (*MatchESP) Long 

func (mESP *MatchESP) Long() string

func (*MatchESP) LongArgs 

func (mESP *MatchESP) LongArgs() []string

func (*MatchESP) Parse 

func (mESP *MatchESP) Parse(main []byte) (int, bool)

func (*MatchESP) Short 

func (mESP *MatchESP) Short() string

func (*MatchESP) ShortArgs 

func (mESP *MatchESP) ShortArgs() []string

func (MatchESP) Type 

func (bm MatchESP) Type() MatchType

type MatchEUI64 

type MatchEUI64 struct {
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric unsupport

func (MatchEUI64) AddrType 

func (bm MatchEUI64) AddrType() network.AddressType

func (MatchEUI64) Depends 

func (bm MatchEUI64) Depends() []MatchType

func (MatchEUI64) Equal 

func (bm MatchEUI64) Equal(mth Match) bool

func (*MatchEUI64) Long 

func (mEUI64 *MatchEUI64) Long() string

func (*MatchEUI64) LongArgs 

func (mEUI64 *MatchEUI64) LongArgs() []string

func (*MatchEUI64) Parse 

func (mEUI64 *MatchEUI64) Parse(main []byte) (int, bool)

func (*MatchEUI64) Short 

func (mEUI64 *MatchEUI64) Short() string

func (*MatchEUI64) ShortArgs 

func (mEUI64 *MatchEUI64) ShortArgs() []string

func (MatchEUI64) Type 

func (bm MatchEUI64) Type() MatchType

type MatchFrag 

type MatchFrag struct {
	IDMin    int
	IDMax    int
	Length   int
	Reserved bool
	First    bool
	Last     bool
	More     bool
	// invert
	IDInvert     bool
	LengthInvert bool
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric unsupport

func (MatchFrag) AddrType 

func (bm MatchFrag) AddrType() network.AddressType

func (MatchFrag) Depends 

func (bm MatchFrag) Depends() []MatchType

func (MatchFrag) Equal 

func (bm MatchFrag) Equal(mth Match) bool

func (*MatchFrag) Long 

func (mFrag *MatchFrag) Long() string

func (*MatchFrag) LongArgs 

func (mFrag *MatchFrag) LongArgs() []string

func (*MatchFrag) Parse 

func (mFrag *MatchFrag) Parse(main []byte) (int, bool)

func (*MatchFrag) Short 

func (mFrag *MatchFrag) Short() string

func (*MatchFrag) ShortArgs 

func (mFrag *MatchFrag) ShortArgs() []string

func (MatchFrag) Type 

func (bm MatchFrag) Type() MatchType

type MatchHBH 

type MatchHBH struct {
	Length  int
	Options []network.IPv6Option
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric unsupport

func (MatchHBH) AddrType 

func (bm MatchHBH) AddrType() network.AddressType

func (MatchHBH) Depends 

func (bm MatchHBH) Depends() []MatchType

func (MatchHBH) Equal 

func (bm MatchHBH) Equal(mth Match) bool

func (*MatchHBH) Long 

func (mHBH *MatchHBH) Long() string

func (*MatchHBH) LongArgs 

func (mHBH *MatchHBH) LongArgs() []string

func (*MatchHBH) Parse 

func (mHBH *MatchHBH) Parse(main []byte) (int, bool)

func (*MatchHBH) Short 

func (mHBH *MatchHBH) Short() string

func (*MatchHBH) ShortArgs 

func (mHBH *MatchHBH) ShortArgs() []string

func (MatchHBH) Type 

func (bm MatchHBH) Type() MatchType

type MatchHL 

type MatchHL struct {
	Operator xtables.Operator
	Value    int
	// contains filtered or unexported fields
}

func (MatchHL) AddrType 

func (bm MatchHL) AddrType() network.AddressType

func (MatchHL) Depends 

func (bm MatchHL) Depends() []MatchType

func (MatchHL) Equal 

func (bm MatchHL) Equal(mth Match) bool

func (*MatchHL) Long 

func (mHL *MatchHL) Long() string

func (*MatchHL) LongArgs 

func (mHL *MatchHL) LongArgs() []string

func (*MatchHL) Parse 

func (mHL *MatchHL) Parse(main []byte) (int, bool)

func (*MatchHL) Short 

func (mHL *MatchHL) Short() string

func (*MatchHL) ShortArgs 

func (mHL *MatchHL) ShortArgs() []string

func (MatchHL) Type 

func (bm MatchHL) Type() MatchType

type MatchHashLimit 

type MatchHashLimit struct {
	Avg                 xtables.Rate // <= avg
	Burst               int
	Mode                HashLimitMode
	SrcMask             int
	DstMask             int
	Name                string
	HashtableSize       int
	HashtableMax        int
	HashtableGCInterval int
	HashtableExpire     int
	RateMatch           bool
	RateInterval        int
	// invert
	AvgInvert bool // > avg, true means above, false means upto
	// contains filtered or unexported fields
}

func (MatchHashLimit) AddrType 

func (bm MatchHashLimit) AddrType() network.AddressType

func (MatchHashLimit) Depends 

func (bm MatchHashLimit) Depends() []MatchType

func (MatchHashLimit) Equal 

func (bm MatchHashLimit) Equal(mth Match) bool

func (*MatchHashLimit) Long 

func (mHashLimit *MatchHashLimit) Long() string

func (MatchHashLimit) LongArgs 

func (bm MatchHashLimit) LongArgs() []string

func (*MatchHashLimit) LongShort 

func (mHashLimit *MatchHashLimit) LongShort() []string

func (*MatchHashLimit) Parse 

func (mHashLimit *MatchHashLimit) Parse(main []byte) (int, bool)

func (*MatchHashLimit) Short 

func (mHashLimit *MatchHashLimit) Short() string

func (*MatchHashLimit) ShortArgs 

func (mHashLimit *MatchHashLimit) ShortArgs() []string

func (MatchHashLimit) Type 

func (bm MatchHashLimit) Type() MatchType

type MatchHelper 

type MatchHelper struct {
	Name string
	// contains filtered or unexported fields
}

func (MatchHelper) AddrType 

func (bm MatchHelper) AddrType() network.AddressType

func (MatchHelper) Depends 

func (bm MatchHelper) Depends() []MatchType

func (MatchHelper) Equal 

func (bm MatchHelper) Equal(mth Match) bool

func (*MatchHelper) Long 

func (mHelper *MatchHelper) Long() string

func (*MatchHelper) LongArgs 

func (mHelper *MatchHelper) LongArgs() []string

func (*MatchHelper) Parse 

func (mHelper *MatchHelper) Parse(main []byte) (int, bool)

func (*MatchHelper) Short 

func (mHelper *MatchHelper) Short() string

func (*MatchHelper) ShortArgs 

func (mHelper *MatchHelper) ShortArgs() []string

func (MatchHelper) Type 

func (bm MatchHelper) Type() MatchType

type MatchICMP 

type MatchICMP struct {
	ICMPType network.ICMPType
	CodeMin  network.ICMPCode
	CodeMax  network.ICMPCode
	// contains filtered or unexported fields
}

IPv6 and IPv4 specific Non-numeric support

func (MatchICMP) AddrType 

func (bm MatchICMP) AddrType() network.AddressType

func (*MatchICMP) Depends 

func (mICMP *MatchICMP) Depends() []MatchType

func (MatchICMP) Equal 

func (bm MatchICMP) Equal(mth Match) bool

func (*MatchICMP) Long 

func (mICMP *MatchICMP) Long() string

func (*MatchICMP) LongArgs 

func (mICMP *MatchICMP) LongArgs() []string

func (*MatchICMP) Parse 

func (mICMP *MatchICMP) Parse(main []byte) (int, bool)

func (*MatchICMP) Short 

func (mICMP *MatchICMP) Short() string

func (*MatchICMP) ShortArgs 

func (mICMP *MatchICMP) ShortArgs() []string

func (MatchICMP) Type 

func (bm MatchICMP) Type() MatchType

type MatchIPRange 

type MatchIPRange struct {
	SrcIPMin    net.IP
	SrcIPMax    net.IP
	DstIPMin    net.IP
	DstIPMax    net.IP
	SrcIPInvert bool
	DstIPInvert bool
	// contains filtered or unexported fields
}

func (MatchIPRange) AddrType 

func (bm MatchIPRange) AddrType() network.AddressType

func (MatchIPRange) Depends 

func (bm MatchIPRange) Depends() []MatchType

func (MatchIPRange) Equal 

func (bm MatchIPRange) Equal(mth Match) bool

func (*MatchIPRange) Long 

func (mIPRange *MatchIPRange) Long() string

func (*MatchIPRange) LongArgs 

func (mIPRange *MatchIPRange) LongArgs() []string

func (*MatchIPRange) Parse 

func (mIPRange *MatchIPRange) Parse(main []byte) (int, bool)

func (*MatchIPRange) Short 

func (mIPRange *MatchIPRange) Short() string

func (*MatchIPRange) ShortArgs 

func (mIPRange *MatchIPRange) ShortArgs() []string

func (MatchIPRange) Type 

func (bm MatchIPRange) Type() MatchType

type MatchIPVS 

type MatchIPVS struct {
	IPVS     bool
	VProto   network.Protocol
	VAddr    network.Address
	VPort    int
	VDir     ConnTrackDir
	VMethod  IPVSMethod
	VPortCtl int
	// invert
	IPVSInvert   bool
	VProtoInvert bool
	VAddrInvert  bool
	VPortInvert  bool
	//VDirInvert     bool
	VMethodInvert  bool
	VPortCtlInvert bool
	// contains filtered or unexported fields
}

func (MatchIPVS) AddrType 

func (bm MatchIPVS) AddrType() network.AddressType

func (MatchIPVS) Depends 

func (bm MatchIPVS) Depends() []MatchType

func (MatchIPVS) Equal 

func (bm MatchIPVS) Equal(mth Match) bool

func (*MatchIPVS) Long 

func (mIPVS *MatchIPVS) Long() string

func (*MatchIPVS) LongArgs 

func (mIPVS *MatchIPVS) LongArgs() []string

func (*MatchIPVS) Parse 

func (mIPVS *MatchIPVS) Parse(main []byte) (int, bool)

func (*MatchIPVS) Short 

func (mIPVS *MatchIPVS) Short() string

func (*MatchIPVS) ShortArgs 

func (mIPVS *MatchIPVS) ShortArgs() []string

func (MatchIPVS) Type 

func (bm MatchIPVS) Type() MatchType

type MatchIPv4 

type MatchIPv4 struct {
	// contains filtered or unexported fields
}

func (MatchIPv4) AddrType 

func (bm MatchIPv4) AddrType() network.AddressType

func (MatchIPv4) Depends 

func (bm MatchIPv4) Depends() []MatchType

func (MatchIPv4) Equal 

func (bm MatchIPv4) Equal(mth Match) bool

func (*MatchIPv4) Long 

func (mIPv4 *MatchIPv4) Long() string

func (*MatchIPv4) LongArgs 

func (mIPv4 *MatchIPv4) LongArgs() []string

func (MatchIPv4) Parse 

func (bm MatchIPv4) Parse(params []byte) (int, bool)

func (*MatchIPv4) Short 

func (mIPv4 *MatchIPv4) Short() string

func (*MatchIPv4) ShortArgs 

func (mIPv4 *MatchIPv4) ShortArgs() []string

func (MatchIPv4) Type 

func (bm MatchIPv4) Type() MatchType

type MatchIPv6 

type MatchIPv6 struct {
	// contains filtered or unexported fields
}

func (MatchIPv6) AddrType 

func (bm MatchIPv6) AddrType() network.AddressType

func (MatchIPv6) Depends 

func (bm MatchIPv6) Depends() []MatchType

func (MatchIPv6) Equal 

func (bm MatchIPv6) Equal(mth Match) bool

func (*MatchIPv6) Long 

func (mIPv6 *MatchIPv6) Long() string

func (*MatchIPv6) LongArgs 

func (mIPv6 *MatchIPv6) LongArgs() []string

func (MatchIPv6) Parse 

func (bm MatchIPv6) Parse(params []byte) (int, bool)

func (*MatchIPv6) Short 

func (mIPv6 *MatchIPv6) Short() string

func (*MatchIPv6) ShortArgs 

func (mIPv6 *MatchIPv6) ShortArgs() []string

func (MatchIPv6) Type 

func (bm MatchIPv6) Type() MatchType

type MatchIPv6Header 

type MatchIPv6Header struct {
	Soft          bool
	IPHeaderTypes []network.IPv6HeaderType
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric support

func (MatchIPv6Header) AddrType 

func (bm MatchIPv6Header) AddrType() network.AddressType

func (MatchIPv6Header) Depends 

func (bm MatchIPv6Header) Depends() []MatchType

func (MatchIPv6Header) Equal 

func (bm MatchIPv6Header) Equal(mth Match) bool

func (*MatchIPv6Header) Long 

func (mIPv6 *MatchIPv6Header) Long() string

func (*MatchIPv6Header) LongArgs 

func (mIPv6 *MatchIPv6Header) LongArgs() []string

func (*MatchIPv6Header) Parse 

func (mIPv6 *MatchIPv6Header) Parse(main []byte) (int, bool)

func (*MatchIPv6Header) Short 

func (mIPv6 *MatchIPv6Header) Short() string

func (*MatchIPv6Header) ShortArgs 

func (mIPv6 *MatchIPv6Header) ShortArgs() []string

func (MatchIPv6Header) Type 

func (bm MatchIPv6Header) Type() MatchType

type MatchInInterface 

type MatchInInterface struct {
	// contains filtered or unexported fields
}

func (MatchInInterface) AddrType 

func (bm MatchInInterface) AddrType() network.AddressType

func (MatchInInterface) Depends 

func (bm MatchInInterface) Depends() []MatchType

func (MatchInInterface) Equal 

func (bm MatchInInterface) Equal(mth Match) bool

func (*MatchInInterface) Long 

func (mInIface *MatchInInterface) Long() string

func (*MatchInInterface) LongArgs 

func (mInIface *MatchInInterface) LongArgs() []string

func (MatchInInterface) Parse 

func (bm MatchInInterface) Parse(params []byte) (int, bool)

func (*MatchInInterface) Short 

func (mInIface *MatchInInterface) Short() string

func (*MatchInInterface) ShortArgs 

func (mInIface *MatchInInterface) ShortArgs() []string

func (MatchInInterface) Type 

func (bm MatchInInterface) Type() MatchType

type MatchLength 

type MatchLength struct {
	LengthMin int
	LengthMax int
	// contains filtered or unexported fields
}

func (MatchLength) AddrType 

func (bm MatchLength) AddrType() network.AddressType

func (MatchLength) Depends 

func (bm MatchLength) Depends() []MatchType

func (MatchLength) Equal 

func (bm MatchLength) Equal(mth Match) bool

func (*MatchLength) Long 

func (mLength *MatchLength) Long() string

func (*MatchLength) LongArgs 

func (mLength *MatchLength) LongArgs() []string

func (*MatchLength) Parse 

func (mLength *MatchLength) Parse(main []byte) (int, bool)

func (*MatchLength) Short 

func (mLength *MatchLength) Short() string

func (*MatchLength) ShortArgs 

func (mLength *MatchLength) ShortArgs() []string

func (MatchLength) Type 

func (bm MatchLength) Type() MatchType

type MatchLimit 

type MatchLimit struct {
	Avg   xtables.Rate
	Burst int
	// contains filtered or unexported fields
}

func (MatchLimit) AddrType 

func (bm MatchLimit) AddrType() network.AddressType

func (MatchLimit) Depends 

func (bm MatchLimit) Depends() []MatchType

func (MatchLimit) Equal 

func (bm MatchLimit) Equal(mth Match) bool

func (*MatchLimit) Long 

func (mLimit *MatchLimit) Long() string

func (*MatchLimit) LongArgs 

func (mLimit *MatchLimit) LongArgs() []string

func (*MatchLimit) Parse 

func (mLimit *MatchLimit) Parse(main []byte) (int, bool)

func (*MatchLimit) Short 

func (mLimit *MatchLimit) Short() string

func (*MatchLimit) ShortArgs 

func (mLimit *MatchLimit) ShortArgs() []string

func (MatchLimit) Type 

func (bm MatchLimit) Type() MatchType

type MatchMAC 

type MatchMAC struct {
	SrcMac net.HardwareAddr
	// contains filtered or unexported fields
}

func (MatchMAC) AddrType 

func (bm MatchMAC) AddrType() network.AddressType

func (MatchMAC) Depends 

func (bm MatchMAC) Depends() []MatchType

func (MatchMAC) Equal 

func (bm MatchMAC) Equal(mth Match) bool

func (*MatchMAC) Long 

func (mMAC *MatchMAC) Long() string

func (*MatchMAC) LongArgs 

func (mMAC *MatchMAC) LongArgs() []string

func (*MatchMAC) Parse 

func (mMAC *MatchMAC) Parse(main []byte) (int, bool)

func (*MatchMAC) Short 

func (mMAC *MatchMAC) Short() string

func (*MatchMAC) ShortArgs 

func (mMAC *MatchMAC) ShortArgs() []string

func (MatchMAC) Type 

func (bm MatchMAC) Type() MatchType

type MatchMH 

type MatchMH struct {
	TypeMin MHType
	TypeMax MHType
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric support

func (MatchMH) AddrType 

func (bm MatchMH) AddrType() network.AddressType

func (MatchMH) Depends 

func (bm MatchMH) Depends() []MatchType

func (MatchMH) Equal 

func (bm MatchMH) Equal(mth Match) bool

func (*MatchMH) Long 

func (mMH *MatchMH) Long() string

func (*MatchMH) LongArgs 

func (mMH *MatchMH) LongArgs() []string

func (*MatchMH) Parse 

func (mMH *MatchMH) Parse(main []byte) (int, bool)

func (*MatchMH) Short 

func (mMH *MatchMH) Short() string

func (*MatchMH) ShortArgs 

func (mMH *MatchMH) ShortArgs() []string

func (MatchMH) Type 

func (bm MatchMH) Type() MatchType

type MatchMark 

type MatchMark struct {
	Value int
	Mask  int
	// contains filtered or unexported fields
}

func (MatchMark) AddrType 

func (bm MatchMark) AddrType() network.AddressType

func (MatchMark) Depends 

func (bm MatchMark) Depends() []MatchType

func (MatchMark) Equal 

func (bm MatchMark) Equal(mth Match) bool

func (*MatchMark) Long 

func (mMark *MatchMark) Long() string

func (*MatchMark) LongArgs 

func (mMark *MatchMark) LongArgs() []string

func (*MatchMark) Parse 

func (mMark *MatchMark) Parse(main []byte) (int, bool)

func (*MatchMark) Short 

func (mMark *MatchMark) Short() string

func (*MatchMark) ShortArgs 

func (mMark *MatchMark) ShortArgs() []string

func (MatchMark) Type 

func (bm MatchMark) Type() MatchType

type MatchMultiPort 

type MatchMultiPort struct {
	SrcPorts []PortRange
	DstPorts []PortRange
	Ports    []PortRange
	// contains filtered or unexported fields
}

func (MatchMultiPort) AddrType 

func (bm MatchMultiPort) AddrType() network.AddressType

func (MatchMultiPort) Depends 

func (bm MatchMultiPort) Depends() []MatchType

func (MatchMultiPort) Equal 

func (bm MatchMultiPort) Equal(mth Match) bool

func (*MatchMultiPort) Long 

func (mMultiPort *MatchMultiPort) Long() string

func (*MatchMultiPort) LongArgs 

func (mMultiPort *MatchMultiPort) LongArgs() []string

func (*MatchMultiPort) Parse 

func (mMultiPort *MatchMultiPort) Parse(main []byte) (int, bool)

func (*MatchMultiPort) Short 

func (mMultiPort *MatchMultiPort) Short() string

func (*MatchMultiPort) ShortArgs 

func (mMultiPort *MatchMultiPort) ShortArgs() []string

func (MatchMultiPort) Type 

func (bm MatchMultiPort) Type() MatchType

type MatchNFAcct 

type MatchNFAcct struct {
	AccountingName string
	// contains filtered or unexported fields
}

func (MatchNFAcct) AddrType 

func (bm MatchNFAcct) AddrType() network.AddressType

func (MatchNFAcct) Depends 

func (bm MatchNFAcct) Depends() []MatchType

func (MatchNFAcct) Equal 

func (bm MatchNFAcct) Equal(mth Match) bool

func (*MatchNFAcct) Long 

func (mNFAcct *MatchNFAcct) Long() string

func (*MatchNFAcct) LongArgs 

func (mNFAcct *MatchNFAcct) LongArgs() []string

func (*MatchNFAcct) Parse 

func (mNFAcct *MatchNFAcct) Parse(main []byte) (int, bool)

func (*MatchNFAcct) Short 

func (mNFAcct *MatchNFAcct) Short() string

func (*MatchNFAcct) ShortArgs 

func (mNFAcct *MatchNFAcct) ShortArgs() []string

func (MatchNFAcct) Type 

func (bm MatchNFAcct) Type() MatchType

type MatchOSF 

type MatchOSF struct {
	Genre    string
	TTLLevel int
	LogLevel int
	// contains filtered or unexported fields
}

func (MatchOSF) AddrType 

func (bm MatchOSF) AddrType() network.AddressType

func (MatchOSF) Depends 

func (bm MatchOSF) Depends() []MatchType

func (MatchOSF) Equal 

func (bm MatchOSF) Equal(mth Match) bool

func (*MatchOSF) Long 

func (mOSF *MatchOSF) Long() string

func (*MatchOSF) LongArgs 

func (mOSF *MatchOSF) LongArgs() []string

func (*MatchOSF) Parse 

func (mOSF *MatchOSF) Parse(main []byte) (int, bool)

func (*MatchOSF) Short 

func (mOSF *MatchOSF) Short() string

func (*MatchOSF) ShortArgs 

func (mOSF *MatchOSF) ShortArgs() []string

func (MatchOSF) Type 

func (bm MatchOSF) Type() MatchType

type MatchOutInterface 

type MatchOutInterface struct {
	// contains filtered or unexported fields
}

func (MatchOutInterface) AddrType 

func (bm MatchOutInterface) AddrType() network.AddressType

func (MatchOutInterface) Depends 

func (bm MatchOutInterface) Depends() []MatchType

func (MatchOutInterface) Equal 

func (bm MatchOutInterface) Equal(mth Match) bool

func (*MatchOutInterface) Long 

func (mOutIface *MatchOutInterface) Long() string

func (*MatchOutInterface) LongArgs 

func (mOutIface *MatchOutInterface) LongArgs() []string

func (MatchOutInterface) Parse 

func (bm MatchOutInterface) Parse(params []byte) (int, bool)

func (*MatchOutInterface) Short 

func (mOutIface *MatchOutInterface) Short() string

func (*MatchOutInterface) ShortArgs 

func (mOutIface *MatchOutInterface) ShortArgs() []string

func (MatchOutInterface) Type 

func (bm MatchOutInterface) Type() MatchType

type MatchOwner 

type MatchOwner struct {
	UidOwnerMin     int
	UidOwnerMax     int
	User            string
	GidOwnerMin     int
	GidOwnerMax     int
	Group           string
	SupplGroups     bool
	HasSocketExists bool
	// invert
	UidOwnerInvert     bool
	GidOwnerInvert     bool
	SocketExistsInvert bool
	// contains filtered or unexported fields
}

func (MatchOwner) AddrType 

func (bm MatchOwner) AddrType() network.AddressType

func (MatchOwner) Depends 

func (bm MatchOwner) Depends() []MatchType

func (MatchOwner) Equal 

func (bm MatchOwner) Equal(mth Match) bool

func (*MatchOwner) Long 

func (mOwner *MatchOwner) Long() string

func (*MatchOwner) LongArgs 

func (mOwner *MatchOwner) LongArgs() []string

func (*MatchOwner) Parse 

func (mOwner *MatchOwner) Parse(main []byte) (int, bool)

func (*MatchOwner) Short 

func (mOwner *MatchOwner) Short() string

func (*MatchOwner) ShortArgs 

func (mOwner *MatchOwner) ShortArgs() []string

func (MatchOwner) Type 

func (bm MatchOwner) Type() MatchType

type MatchPhysDev 

type MatchPhysDev struct {
	PhysDevIn        string
	PhysDevOut       string
	PhysDevIsIn      bool
	PhysDevIsOut     bool
	PhysDevIsBridged bool
	// invert
	PhysDevInInvert        bool
	PhysDevOutInvert       bool
	PhysDevIsInInvert      bool
	PhysDevIsOutInvert     bool
	PhysDevIsBridgedInvert bool
	// contains filtered or unexported fields
}

func (MatchPhysDev) AddrType 

func (bm MatchPhysDev) AddrType() network.AddressType

func (MatchPhysDev) Depends 

func (bm MatchPhysDev) Depends() []MatchType

func (MatchPhysDev) Equal 

func (bm MatchPhysDev) Equal(mth Match) bool

func (*MatchPhysDev) Long 

func (mPhysDev *MatchPhysDev) Long() string

func (*MatchPhysDev) LongArgs 

func (mPhysDev *MatchPhysDev) LongArgs() []string

func (*MatchPhysDev) Parse 

func (mPhysDev *MatchPhysDev) Parse(main []byte) (int, bool)

func (*MatchPhysDev) Short 

func (mPhysDev *MatchPhysDev) Short() string

func (*MatchPhysDev) ShortArgs 

func (mPhysDev *MatchPhysDev) ShortArgs() []string

func (MatchPhysDev) Type 

func (bm MatchPhysDev) Type() MatchType

type MatchPktType 

type MatchPktType struct {
	PktType PktType
	// contains filtered or unexported fields
}

func (MatchPktType) AddrType 

func (bm MatchPktType) AddrType() network.AddressType

func (MatchPktType) Depends 

func (bm MatchPktType) Depends() []MatchType

func (MatchPktType) Equal 

func (bm MatchPktType) Equal(mth Match) bool

func (*MatchPktType) Long 

func (mPktType *MatchPktType) Long() string

func (*MatchPktType) LongArgs 

func (mPktType *MatchPktType) LongArgs() []string

func (*MatchPktType) Parse 

func (mPktType *MatchPktType) Parse(main []byte) (int, bool)

func (*MatchPktType) Short 

func (mPktType *MatchPktType) Short() string

func (*MatchPktType) ShortArgs 

func (mPktType *MatchPktType) ShortArgs() []string

func (MatchPktType) Type 

func (bm MatchPktType) Type() MatchType

type MatchPolicy 

type MatchPolicy struct {
	Dir      xtables.Direction
	Pol      PolicyPol
	Strict   bool
	Elements []*MatchPolicyElement
	// contains filtered or unexported fields
}

func (MatchPolicy) AddrType 

func (bm MatchPolicy) AddrType() network.AddressType

func (MatchPolicy) Depends 

func (bm MatchPolicy) Depends() []MatchType

func (MatchPolicy) Equal 

func (bm MatchPolicy) Equal(mth Match) bool

func (*MatchPolicy) Long 

func (mPolicy *MatchPolicy) Long() string

func (*MatchPolicy) LongArgs 

func (mPolicy *MatchPolicy) LongArgs() []string

func (*MatchPolicy) Parse 

func (mPolicy *MatchPolicy) Parse(main []byte) (int, bool)

func (*MatchPolicy) Short 

func (mPolicy *MatchPolicy) Short() string

func (*MatchPolicy) ShortArgs 

func (mPolicy *MatchPolicy) ShortArgs() []string

func (MatchPolicy) Type 

func (bm MatchPolicy) Type() MatchType

type MatchPolicyElement 

type MatchPolicyElement struct {
	ReqID     int
	SPI       int
	Proto     network.Protocol
	Mode      PolicyMode
	TunnelSrc network.Address
	TunnelDst network.Address
	// invert
	ReqIDInvert     bool
	SPIInvert       bool
	ProtoInvert     bool
	ModeInvert      bool
	TunnelSrcInvert bool
	TunnelDstInvert bool
}

The field won't be use must be set to -1

type MatchProtocol 

type MatchProtocol struct {
	Protocol network.Protocol
	// contains filtered or unexported fields
}

func (MatchProtocol) AddrType 

func (bm MatchProtocol) AddrType() network.AddressType

func (MatchProtocol) Depends 

func (bm MatchProtocol) Depends() []MatchType

func (MatchProtocol) Equal 

func (bm MatchProtocol) Equal(mth Match) bool

func (*MatchProtocol) Long 

func (mProtocol *MatchProtocol) Long() string

func (*MatchProtocol) LongArgs 

func (mProtocol *MatchProtocol) LongArgs() []string

func (MatchProtocol) Parse 

func (bm MatchProtocol) Parse(params []byte) (int, bool)

func (*MatchProtocol) Short 

func (mProtocol *MatchProtocol) Short() string

func (*MatchProtocol) ShortArgs 

func (mProtocol *MatchProtocol) ShortArgs() []string

func (MatchProtocol) Type 

func (bm MatchProtocol) Type() MatchType

type MatchQuota 

type MatchQuota struct {
	Quota int64
	// contains filtered or unexported fields
}

func (MatchQuota) AddrType 

func (bm MatchQuota) AddrType() network.AddressType

func (MatchQuota) Depends 

func (bm MatchQuota) Depends() []MatchType

func (MatchQuota) Equal 

func (bm MatchQuota) Equal(mth Match) bool

func (*MatchQuota) Long 

func (mQuota *MatchQuota) Long() string

func (*MatchQuota) LongArgs 

func (mQuota *MatchQuota) LongArgs() []string

func (*MatchQuota) Parse 

func (mQuota *MatchQuota) Parse(main []byte) (int, bool)

func (*MatchQuota) Short 

func (mQuota *MatchQuota) Short() string

func (*MatchQuota) ShortArgs 

func (mQuota *MatchQuota) ShortArgs() []string

func (MatchQuota) Type 

func (bm MatchQuota) Type() MatchType

type MatchRPFilter 

type MatchRPFilter struct {
	Loose       bool
	ValidMark   bool
	AcceptLocal bool
	Invert      bool
	// contains filtered or unexported fields
}

func (MatchRPFilter) AddrType 

func (bm MatchRPFilter) AddrType() network.AddressType

func (MatchRPFilter) Depends 

func (bm MatchRPFilter) Depends() []MatchType

func (MatchRPFilter) Equal 

func (bm MatchRPFilter) Equal(mth Match) bool

func (*MatchRPFilter) Long 

func (mRPFilter *MatchRPFilter) Long() string

func (*MatchRPFilter) LongArgs 

func (mRPFilter *MatchRPFilter) LongArgs() []string

func (*MatchRPFilter) Parse 

func (mRPFilter *MatchRPFilter) Parse(main []byte) (int, bool)

func (*MatchRPFilter) Short 

func (mRPFilter *MatchRPFilter) Short() string

func (*MatchRPFilter) ShortArgs 

func (mRPFilter *MatchRPFilter) ShortArgs() []string

func (MatchRPFilter) Type 

func (bm MatchRPFilter) Type() MatchType

type MatchRT 

type MatchRT struct {
	RTType      int
	SegsLeftMin int
	SegsLeftMax int
	Length      int
	Reserved    bool              // type == 0
	Addrs       []network.Address // type == 0
	NotStrict   bool              // type == 0
	// invert
	TypeInvert     bool
	SegsLeftInvert bool
	LengthInvert   bool
	// contains filtered or unexported fields
}

IPv6 specific Non-numeric unsupport

func (MatchRT) AddrType 

func (bm MatchRT) AddrType() network.AddressType

func (MatchRT) Depends 

func (bm MatchRT) Depends() []MatchType

func (MatchRT) Equal 

func (bm MatchRT) Equal(mth Match) bool

func (*MatchRT) Long 

func (mRT *MatchRT) Long() string

func (*MatchRT) LongArgs 

func (mRT *MatchRT) LongArgs() []string

func (*MatchRT) Parse 

func (mRT *MatchRT) Parse(main []byte) (int, bool)

func (*MatchRT) Short 

func (mRT *MatchRT) Short() string

func (*MatchRT) ShortArgs 

func (mRT *MatchRT) ShortArgs() []string

func (MatchRT) Type 

func (bm MatchRT) Type() MatchType

type MatchRange 

type MatchRange int
const (
	ANY MatchRange
	ALL
	ONLY
)

func (MatchRange) String 

func (matchRange MatchRange) String() string

type MatchRateEst 

type MatchRateEst struct {
	RateestDelta bool
	Operator     xtables.Operator
	Name         string
	Rateest1     string
	Rateest2     string
	Relative     bool
	RateestBPS   int // in bytes
	RateestPPS   int
	RateestBPS1  int // in bytes
	RateestPPS1  int
	RateestBPS2  int // in bytes
	RateestPPS2  int
	// contains filtered or unexported fields
}

func (MatchRateEst) AddrType 

func (bm MatchRateEst) AddrType() network.AddressType

func (MatchRateEst) Depends 

func (bm MatchRateEst) Depends() []MatchType

func (MatchRateEst) Equal 

func (bm MatchRateEst) Equal(mth Match) bool

func (*MatchRateEst) Long 

func (mRateEst *MatchRateEst) Long() string

func (*MatchRateEst) LongArgs 

func (mRateEst *MatchRateEst) LongArgs() []string

func (*MatchRateEst) Parse 

func (mRateEst *MatchRateEst) Parse(main []byte) (int, bool)

func (*MatchRateEst) Short 

func (mRateEst *MatchRateEst) Short() string

func (*MatchRateEst) ShortArgs 

func (mRateEst *MatchRateEst) ShortArgs() []string

func (MatchRateEst) Type 

func (bm MatchRateEst) Type() MatchType

type MatchRealm 

type MatchRealm struct {
	Value int
	Mask  int
	// contains filtered or unexported fields
}

IPv4 specific Non-numeric support see http://linux-ip.net/gl/ip-cref/ip-cref-node172.html

func (MatchRealm) AddrType 

func (bm MatchRealm) AddrType() network.AddressType

func (MatchRealm) Depends 

func (bm MatchRealm) Depends() []MatchType

func (MatchRealm) Equal 

func (bm MatchRealm) Equal(mth Match) bool

func (*MatchRealm) Long 

func (mRealm *MatchRealm) Long() string

func (*MatchRealm) LongArgs 

func (mRealm *MatchRealm) LongArgs() []string

func (*MatchRealm) Parse 

func (mRealm *MatchRealm) Parse(main []byte) (int, bool)

func (*MatchRealm) Short 

func (mRealm *MatchRealm) Short() string

func (*MatchRealm) ShortArgs 

func (mRealm *MatchRealm) ShortArgs() []string

func (MatchRealm) Type 

func (bm MatchRealm) Type() MatchType

type MatchRecent 

type MatchRecent struct {
	Name   string
	Set    bool
	RCheck bool
	Update bool
	Remove bool

	RSource  bool
	RDest    bool
	Seconds  int
	Reap     bool
	HitCount int
	RTTL     bool
	Mask     net.IPMask
	// contains filtered or unexported fields
}

func (MatchRecent) AddrType 

func (bm MatchRecent) AddrType() network.AddressType

func (MatchRecent) Depends 

func (bm MatchRecent) Depends() []MatchType

func (MatchRecent) Equal 

func (bm MatchRecent) Equal(mth Match) bool

func (*MatchRecent) Long 

func (mRecent *MatchRecent) Long() string

func (*MatchRecent) LongArgs 

func (mRecent *MatchRecent) LongArgs() []string

func (*MatchRecent) Parse 

func (mRecent *MatchRecent) Parse(main []byte) (int, bool)

func (*MatchRecent) Short 

func (mRecent *MatchRecent) Short() string

func (*MatchRecent) ShortArgs 

func (mRecent *MatchRecent) ShortArgs() []string

func (MatchRecent) Type 

func (bm MatchRecent) Type() MatchType

type MatchSCTP 

type MatchSCTP struct {
	SrcPortMin int
	SrcPortMax int
	DstPortMin int
	DstPortMax int
	Chunks     []Chunk
	Range      MatchRange
	// invert
	SrcPortInvert bool
	DstPortInvert bool
	ChunksInvert  bool
	// contains filtered or unexported fields
}

func (MatchSCTP) AddrType 

func (bm MatchSCTP) AddrType() network.AddressType

func (MatchSCTP) Depends 

func (bm MatchSCTP) Depends() []MatchType

func (MatchSCTP) Equal 

func (bm MatchSCTP) Equal(mth Match) bool

func (*MatchSCTP) Long 

func (mSCTP *MatchSCTP) Long() string

func (*MatchSCTP) LongArgs 

func (mSCTP *MatchSCTP) LongArgs() []string

func (*MatchSCTP) Parse 

func (mSCTP *MatchSCTP) Parse(main []byte) (int, bool)

func (*MatchSCTP) Short 

func (mSCTP *MatchSCTP) Short() string

func (*MatchSCTP) ShortArgs 

func (mSCTP *MatchSCTP) ShortArgs() []string

func (MatchSCTP) Type 

func (bm MatchSCTP) Type() MatchType

type MatchSet 

type MatchSet struct {
	SetName              string
	Flags                []Flag
	ReturnNoMatch        bool
	SkipCounterUpdate    bool
	SkipSubCounterUpdate bool
	PacketsEQ            int
	PacketsLT            int
	PacketsGT            int
	BytesEQ              int
	BytesLT              int
	BytesGT              int
	// invert
	SetNameInvert   bool
	PacketsEQInvert bool
	BytesEQInvert   bool
	// contains filtered or unexported fields
}

func (MatchSet) AddrType 

func (bm MatchSet) AddrType() network.AddressType

func (MatchSet) Depends 

func (bm MatchSet) Depends() []MatchType

func (MatchSet) Equal 

func (bm MatchSet) Equal(mth Match) bool

func (*MatchSet) Long 

func (mSet *MatchSet) Long() string

func (*MatchSet) LongArgs 

func (mSet *MatchSet) LongArgs() []string

func (*MatchSet) Parse 

func (mSet *MatchSet) Parse(main []byte) (int, bool)

func (*MatchSet) Short 

func (mSet *MatchSet) Short() string

func (*MatchSet) ShortArgs 

func (mSet *MatchSet) ShortArgs() []string

func (MatchSet) Type 

func (bm MatchSet) Type() MatchType

type MatchSocket 

type MatchSocket struct {
	Transparent   bool
	NoWildcard    bool
	RestoreSKMark bool
	// contains filtered or unexported fields
}

func (MatchSocket) AddrType 

func (bm MatchSocket) AddrType() network.AddressType

func (MatchSocket) Depends 

func (bm MatchSocket) Depends() []MatchType

func (MatchSocket) Equal 

func (bm MatchSocket) Equal(mth Match) bool

func (*MatchSocket) Long 

func (mSocket *MatchSocket) Long() string

func (*MatchSocket) LongArgs 

func (mSocket *MatchSocket) LongArgs() []string

func (*MatchSocket) Parse 

func (mSocket *MatchSocket) Parse(main []byte) (int, bool)

func (*MatchSocket) Short 

func (mSocket *MatchSocket) Short() string

func (*MatchSocket) ShortArgs 

func (mSocket *MatchSocket) ShortArgs() []string

func (MatchSocket) Type 

func (bm MatchSocket) Type() MatchType

type MatchSource 

type MatchSource struct {
	// contains filtered or unexported fields
}

func (MatchSource) AddrType 

func (bm MatchSource) AddrType() network.AddressType

func (MatchSource) Depends 

func (bm MatchSource) Depends() []MatchType

func (MatchSource) Equal 

func (bm MatchSource) Equal(mth Match) bool

func (*MatchSource) Long 

func (mSrc *MatchSource) Long() string

func (*MatchSource) LongArgs 

func (mSrc *MatchSource) LongArgs() []string

func (MatchSource) Parse 

func (bm MatchSource) Parse(params []byte) (int, bool)

func (*MatchSource) Short 

func (mSrc *MatchSource) Short() string

func (*MatchSource) ShortArgs 

func (mSrc *MatchSource) ShortArgs() []string

func (MatchSource) Type 

func (bm MatchSource) Type() MatchType

type MatchState 

type MatchState struct {
	State ConnTrackState
	// contains filtered or unexported fields
}

func (MatchState) AddrType 

func (bm MatchState) AddrType() network.AddressType

func (MatchState) Depends 

func (bm MatchState) Depends() []MatchType

func (MatchState) Equal 

func (bm MatchState) Equal(mth Match) bool

func (*MatchState) Long 

func (mState *MatchState) Long() string

func (*MatchState) LongArgs 

func (mState *MatchState) LongArgs() []string

func (*MatchState) Parse 

func (mState *MatchState) Parse(main []byte) (int, bool)

func (*MatchState) Short 

func (mState *MatchState) Short() string

func (*MatchState) ShortArgs 

func (mState *MatchState) ShortArgs() []string

func (MatchState) Type 

func (bm MatchState) Type() MatchType

type MatchStatistic 

type MatchStatistic struct {
	Mode        StatisticMode
	Probability float64
	Every       int
	Packet      int
	// invert
	ProbabilityInvert bool
	EveryInvert       bool
	// contains filtered or unexported fields
}

func (MatchStatistic) AddrType 

func (bm MatchStatistic) AddrType() network.AddressType

func (MatchStatistic) Depends 

func (bm MatchStatistic) Depends() []MatchType

func (MatchStatistic) Equal 

func (bm MatchStatistic) Equal(mth Match) bool

func (*MatchStatistic) Long 

func (mStatis *MatchStatistic) Long() string

func (*MatchStatistic) LongArgs 

func (mStatis *MatchStatistic) LongArgs() []string

func (*MatchStatistic) Parse 

func (mStatis *MatchStatistic) Parse(main []byte) (int, bool)

func (*MatchStatistic) Short 

func (mStatis *MatchStatistic) Short() string

func (*MatchStatistic) ShortArgs 

func (mStatis *MatchStatistic) ShortArgs() []string

func (MatchStatistic) Type 

func (bm MatchStatistic) Type() MatchType

type MatchString 

type MatchString struct {
	Algo       StringAlgo
	From       int
	To         int
	Pattern    string
	HexPattern []byte
	IgnoreCase bool
	// invert
	PatternInvert    bool
	HexPatternInvert bool
	// contains filtered or unexported fields
}

func (MatchString) AddrType 

func (bm MatchString) AddrType() network.AddressType

func (MatchString) Depends 

func (bm MatchString) Depends() []MatchType

func (MatchString) Equal 

func (bm MatchString) Equal(mth Match) bool

func (*MatchString) Long 

func (mString *MatchString) Long() string

func (*MatchString) LongArgs 

func (mString *MatchString) LongArgs() []string

func (*MatchString) Parse 

func (mString *MatchString) Parse(main []byte) (int, bool)

func (*MatchString) Short 

func (mString *MatchString) Short() string

func (*MatchString) ShortArgs 

func (mString *MatchString) ShortArgs() []string

func (MatchString) Type 

func (bm MatchString) Type() MatchType

type MatchTCP 

type MatchTCP struct {
	SrcPortMin int
	SrcPortMax int
	DstPortMin int
	DstPortMax int
	FlagsMask  network.TCPFlag
	FlagsSet   network.TCPFlag
	Option     int
	// invert
	SrcPortInvert bool
	DstPortInvert bool
	FlagsInvert   bool
	OptionInvert  bool
	// contains filtered or unexported fields
}

func (MatchTCP) AddrType 

func (bm MatchTCP) AddrType() network.AddressType

func (MatchTCP) Depends 

func (bm MatchTCP) Depends() []MatchType

func (MatchTCP) Equal 

func (bm MatchTCP) Equal(mth Match) bool

func (*MatchTCP) Long 

func (mTCP *MatchTCP) Long() string

func (*MatchTCP) LongArgs 

func (mTCP *MatchTCP) LongArgs() []string

func (*MatchTCP) Parse 

func (mTCP *MatchTCP) Parse(main []byte) (int, bool)

TODO support service name

func (*MatchTCP) Short 

func (mTCP *MatchTCP) Short() string

func (*MatchTCP) ShortArgs 

func (mTCP *MatchTCP) ShortArgs() []string

func (MatchTCP) Type 

func (bm MatchTCP) Type() MatchType

type MatchTCPMSS 

type MatchTCPMSS struct {
	MSSMin int
	MSSMax int
	// contains filtered or unexported fields
}

func (MatchTCPMSS) AddrType 

func (bm MatchTCPMSS) AddrType() network.AddressType

func (MatchTCPMSS) Depends 

func (bm MatchTCPMSS) Depends() []MatchType

func (MatchTCPMSS) Equal 

func (bm MatchTCPMSS) Equal(mth Match) bool

func (*MatchTCPMSS) Long 

func (mTCPMSS *MatchTCPMSS) Long() string

func (*MatchTCPMSS) LongArgs 

func (mTCPMSS *MatchTCPMSS) LongArgs() []string

func (*MatchTCPMSS) Parse 

func (mTCPMSS *MatchTCPMSS) Parse(main []byte) (int, bool)

func (*MatchTCPMSS) Short 

func (mTCPMSS *MatchTCPMSS) Short() string

func (*MatchTCPMSS) ShortArgs 

func (mTCPMSS *MatchTCPMSS) ShortArgs() []string

func (MatchTCPMSS) Type 

func (bm MatchTCPMSS) Type() MatchType

type MatchTOS 

type MatchTOS struct {
	Value network.TOS
	Mask  network.TOS
	// contains filtered or unexported fields
}

func (MatchTOS) AddrType 

func (bm MatchTOS) AddrType() network.AddressType

func (MatchTOS) Depends 

func (bm MatchTOS) Depends() []MatchType

func (MatchTOS) Equal 

func (bm MatchTOS) Equal(mth Match) bool

func (*MatchTOS) Long 

func (mTOS *MatchTOS) Long() string

func (*MatchTOS) LongArgs 

func (mTOS *MatchTOS) LongArgs() []string

func (*MatchTOS) Parse 

func (mTOS *MatchTOS) Parse(main []byte) (int, bool)

func (*MatchTOS) Short 

func (mTOS *MatchTOS) Short() string

func (*MatchTOS) ShortArgs 

func (mTOS *MatchTOS) ShortArgs() []string

func (MatchTOS) Type 

func (bm MatchTOS) Type() MatchType

type MatchTTL 

type MatchTTL struct {
	Operator xtables.Operator
	Value    int
	// contains filtered or unexported fields
}

IPv4 specific Non-numeric unsupport

func (MatchTTL) AddrType 

func (bm MatchTTL) AddrType() network.AddressType

func (MatchTTL) Depends 

func (bm MatchTTL) Depends() []MatchType

func (MatchTTL) Equal 

func (bm MatchTTL) Equal(mth Match) bool

func (MatchTTL) Long 

func (bm MatchTTL) Long() string

func (MatchTTL) LongArgs 

func (bm MatchTTL) LongArgs() []string

func (*MatchTTL) Parse 

func (mTTL *MatchTTL) Parse(main []byte) (int, bool)

func (MatchTTL) Short 

func (bm MatchTTL) Short() string

func (*MatchTTL) ShortArgs 

func (mTTL *MatchTTL) ShortArgs() []string

func (MatchTTL) Type 

func (bm MatchTTL) Type() MatchType

type MatchTime 

type MatchTime struct {
	DaytimeStart *xtables.Daytime
	DaytimeStop  *xtables.Daytime
	DateStart    *xtables.Date
	DateStop     *xtables.Date
	Weekdays     xtables.Weekday
	Monthdays    xtables.Monthday
	KernelTZ     bool
	Contiguous   bool
	// contains filtered or unexported fields
}

func (MatchTime) AddrType 

func (bm MatchTime) AddrType() network.AddressType

func (MatchTime) Depends 

func (bm MatchTime) Depends() []MatchType

func (MatchTime) Equal 

func (bm MatchTime) Equal(mth Match) bool

func (MatchTime) Long 

func (bm MatchTime) Long() string

func (MatchTime) LongArgs 

func (bm MatchTime) LongArgs() []string

func (*MatchTime) Parse 

func (mTime *MatchTime) Parse(main []byte) (int, bool)

func (MatchTime) Short 

func (bm MatchTime) Short() string

func (*MatchTime) ShortArgs 

func (mTime *MatchTime) ShortArgs() []string

There are bugs in iptables, the inverts of weekdays and monthdays weren't be printed.

func (MatchTime) Type 

func (bm MatchTime) Type() MatchType

type MatchType 

type MatchType int
const (
	MatchTypeAddrType MatchType = iota
	MatchTypeAH                 // Both IPv4 & IPv6 specific
	MatchTypeBPF
	MatchTypeCGroup
	MatchTypeCluster
	MatchTypeComment
	MatchTypeConnBytes
	MatchTypeConnLabel
	MatchTypeConnLimit
	MatchTypeConnMark
	MatchTypeConnTrack
	MatchTypeCPU
	MatchTypeDCCP
	MatchTypeDestination // option
	MatchTypeDevGroup
	MatchTypeDSCP
	MatchTypeDst // IPv6-specific
	MatchTypeECN
	MatchTypeESP
	MatchTypeEUI64 // IPv6-specific
	MatchTypeFrag  // IPv6-specific
	MatchTypeHashLimit
	MatchTypeHBH // IPv6-specific, Hop-by-Hop
	MatchTypeHelper
	MatchTypeHL          // IPv6-specific, Hop Limit
	MatchTypeICMP        // both IPv6 & IPv4-specific
	MatchTypeInInterface // option
	MatchTypeIPRange
	MatchTypeIPv4       // option
	MatchTypeIPv6       // option
	MatchTypeIPv6Header // IPv6-specific
	MatchTypeIPVS
	MatchTypeLength
	MatchTypeLimit
	MatchTypeMAC
	MatchTypeMark
	MatchTypeMH // IPv6-specific
	MatchTypeMultiPort
	MatchTypeNFAcct
	MatchTypeOSF
	MatchTypeOutInterface // option
	MatchTypeOwner
	MatchTypePhysDev
	MatchTypePktType
	MatchTypePolicy
	MatchTypeProtocol // option
	MatchTypeQuota
	MatchTypeRateEst
	MatchTypeRealm // IPv4-specific
	MatchTypeRecent
	MatchTypeRPFilter
	MatchTypeRT // IPv6-specific
	MatchTypeSCTP
	MatchTypeSet
	MatchTypeSocket
	MatchTypeSource // option
	MatchTypeSRH    // unsupport
	MatchTypeState
	MatchTypeStatistic
	MatchTypeString
	MatchTypeTCP
	MatchTypeTCPMSS
	MatchTypeTime
	MatchTypeTOS
	MatchTypeTTL // IPv4-specific
	MatchTypeU32
	MatchTypeUDP
	MatchTypeUnclean // unsupport
)

func (MatchType) String 

func (mt MatchType) String() string

func (MatchType) Type 

func (mt MatchType) Type() string

func (MatchType) Value 

func (mt MatchType) Value() string

type MatchU32 

type MatchU32 struct {
	Tests string
	// contains filtered or unexported fields
}

func (MatchU32) AddrType 

func (bm MatchU32) AddrType() network.AddressType

func (MatchU32) Depends 

func (bm MatchU32) Depends() []MatchType

func (MatchU32) Equal 

func (bm MatchU32) Equal(mth Match) bool

func (*MatchU32) Long 

func (mU32 *MatchU32) Long() string

func (*MatchU32) LongArgs 

func (mU32 *MatchU32) LongArgs() []string

func (*MatchU32) Parse 

func (mU32 *MatchU32) Parse(main []byte) (int, bool)

func (*MatchU32) Short 

func (mU32 *MatchU32) Short() string

func (*MatchU32) ShortArgs 

func (mU32 *MatchU32) ShortArgs() []string

func (MatchU32) Type 

func (bm MatchU32) Type() MatchType

type MatchUDP 

type MatchUDP struct {
	SrcPortMin int
	SrcPortMax int
	DstPortMin int
	DstPortMax int
	// invert
	SrcPortInvert bool
	DstPortInvert bool
	// contains filtered or unexported fields
}

func (MatchUDP) AddrType 

func (bm MatchUDP) AddrType() network.AddressType

func (MatchUDP) Depends 

func (bm MatchUDP) Depends() []MatchType

func (MatchUDP) Equal 

func (bm MatchUDP) Equal(mth Match) bool

func (*MatchUDP) Long 

func (mUDP *MatchUDP) Long() string

func (*MatchUDP) LongArgs 

func (mUDP *MatchUDP) LongArgs() []string

func (*MatchUDP) Parse 

func (mUDP *MatchUDP) Parse(main []byte) (int, bool)

func (*MatchUDP) Short 

func (mUDP *MatchUDP) Short() string

func (*MatchUDP) ShortArgs 

func (mUDP *MatchUDP) ShortArgs() []string

func (MatchUDP) Type 

func (bm MatchUDP) Type() MatchType

type NewChain 

type NewChain struct {
	// contains filtered or unexported fields
}

func (*NewChain) Long 

func (cmd *NewChain) Long() string

func (*NewChain) LongArgs 

func (cmd *NewChain) LongArgs() []string

func (NewChain) SetChainType 

func (bc NewChain) SetChainType(chain ChainType)

func (*NewChain) Short 

func (cmd *NewChain) Short() string

func (*NewChain) ShortArgs 

func (cmd *NewChain) ShortArgs() []string

func (NewChain) Type 

func (bc NewChain) Type() CommandType

type Option 

type Option interface {
	Type() OptionType
	Short() string
	ShortArgs() []string
	Long() string
	LongArgs() []string
	Equal(Option) bool
}

type OptionCommandDelete 

type OptionCommandDelete func(*Delete)

func WithCommandDeleteRuleNumber 

func WithCommandDeleteRuleNumber(num int) OptionCommandDelete

type OptionCommandInsert 

type OptionCommandInsert func(*Insert)

func WithCommandInsertRuleNumber 

func WithCommandInsertRuleNumber(num int) OptionCommandInsert

type OptionCommandZero 

type OptionCommandZero func(*Zero)

func WithCommandZeroRuleNumber 

func WithCommandZeroRuleNumber(num int) OptionCommandZero

type OptionCounters 

type OptionCounters struct {
	// contains filtered or unexported fields
}

func (OptionCounters) Equal 

func (bo OptionCounters) Equal(opt Option) bool

func (*OptionCounters) Long 

func (opt *OptionCounters) Long() string

func (*OptionCounters) LongArgs 

func (opt *OptionCounters) LongArgs() []string

func (*OptionCounters) Short 

func (opt *OptionCounters) Short() string

func (*OptionCounters) ShortArgs 

func (opt *OptionCounters) ShortArgs() []string

func (OptionCounters) Type 

func (bo OptionCounters) Type() OptionType

type OptionExact 

type OptionExact struct {
	// contains filtered or unexported fields
}

Display the exact value of the packet and byte counters, instead of only the rounded number in K's(multiples of 1000) M's(multiples of 1000K) or G's(multiples of 1000M). this option if only relevant for the List command.

func (OptionExact) Equal 

func (bo OptionExact) Equal(opt Option) bool

func (*OptionExact) Long 

func (opt *OptionExact) Long() string

func (*OptionExact) LongArgs 

func (opt *OptionExact) LongArgs() []string

func (*OptionExact) Short 

func (opt *OptionExact) Short() string

func (*OptionExact) ShortArgs 

func (opt *OptionExact) ShortArgs() []string

func (OptionExact) Type 

func (bo OptionExact) Type() OptionType

type OptionFragment 

type OptionFragment struct {
	// contains filtered or unexported fields
}

func (OptionFragment) Equal 

func (bo OptionFragment) Equal(opt Option) bool

func (*OptionFragment) Long 

func (opt *OptionFragment) Long() string

func (*OptionFragment) LongArgs 

func (opt *OptionFragment) LongArgs() []string

func (*OptionFragment) Short 

func (opt *OptionFragment) Short() string

func (*OptionFragment) ShortArgs 

func (opt *OptionFragment) ShortArgs() []string

func (OptionFragment) Type 

func (bo OptionFragment) Type() OptionType

type OptionLineNumbers 

type OptionLineNumbers struct {
	// contains filtered or unexported fields
}

List with line numbers of each rule, corresponding to that rule's position in the chain.

func (OptionLineNumbers) Equal 

func (bo OptionLineNumbers) Equal(opt Option) bool

func (OptionLineNumbers) Long 

func (bo OptionLineNumbers) Long() string

func (OptionLineNumbers) LongArgs 

func (bo OptionLineNumbers) LongArgs() []string

func (*OptionLineNumbers) Short 

func (opt *OptionLineNumbers) Short() string

func (*OptionLineNumbers) ShortArgs 

func (opt *OptionLineNumbers) ShortArgs() []string

func (OptionLineNumbers) Type 

func (bo OptionLineNumbers) Type() OptionType

type OptionMatchAH 

type OptionMatchAH func(*MatchAH)

func WithMatchAHReserved 

func WithMatchAHReserved() OptionMatchAH

Matches if the reserved field is filled with zero

func WithMatchAHSPI 

func WithMatchAHSPI(invert bool, spi ...int) OptionMatchAH

This option takes mostly 2 spis, (min) or (min, max) Matches SPI

func WithMatchAHSPILength 

func WithMatchAHSPILength(invert bool, length int) OptionMatchAH

Total length of this header in octets

type OptionMatchAddrType 

type OptionMatchAddrType func(*MatchAddrType)

func WithMatchAddrLimitIfaceIn 

func WithMatchAddrLimitIfaceIn() OptionMatchAddrType

The address type checking can be limited to the interface the packet is coming in. This option is only valid in the PREROUTING, INPUT and FORWARD chains.

func WithMatchAddrLimitIfaceOut 

func WithMatchAddrLimitIfaceOut() OptionMatchAddrType

The address type checking can be limited to the interface the packet is going out. This option is only valid in the POSTROUTING, OUTPUT and FORWARD chains.

func WithMatchAddrTypeDstType 

func WithMatchAddrTypeDstType(invert bool, dstType AddrType) OptionMatchAddrType

Matches if the destination address is of given type.

func WithMatchAddrTypeSrcType 

func WithMatchAddrTypeSrcType(invert bool, srcType AddrType) OptionMatchAddrType

Matches if the source address is of given type.

type OptionMatchBPF 

type OptionMatchBPF func(*MatchBPF)

func WithMatchBPFCode 

func WithMatchBPFCode(code string) OptionMatchBPF

Pass the BPF byte code format. see iptables manual.

func WithMatchBPFObjectPinnedPath 

func WithMatchBPFObjectPinnedPath(path string) OptionMatchBPF

Pass a path to a pinned eBPF object.

type OptionMatchCGroup 

type OptionMatchCGroup func(*MatchCGroup)

func WithMatchCGroupClassID 

func WithMatchCGroupClassID(invert bool, classid int) OptionMatchCGroup

Match corresponding cgroup for this packet. Can be used to assign particular firewall policies for aggregated task/jobs on the system. This allows for more fine-grained firewall policies that only match for a subset of the system's processes. fwid is the maker set through the net_cls cgroup's id.

func WithMatchCGroupPath 

func WithMatchCGroupPath(invert bool, path string) OptionMatchCGroup

Match cgroup2 membership.

type OptionMatchCluster 

type OptionMatchCluster func(*MatchCluster)

func WithMatchClusterHashSeed 

func WithMatchClusterHashSeed(seed int64) OptionMatchCluster

Set seed value of the Jenkins hash.

func WithMatchClusterLocalNode 

func WithMatchClusterLocalNode(localNode int64) OptionMatchCluster

Set the local node number ID.

func WithMatchClusterLocalNodeMask 

func WithMatchClusterLocalNodeMask(mask int64) OptionMatchCluster

Set the local node number ID mask.

func WithMatchClusterTotalNodes 

func WithMatchClusterTotalNodes(total int) OptionMatchCluster

Set number of total nodes in cluster.

type OptionMatchConnBytes 

type OptionMatchConnBytes func(*MatchConnBytes)

func WithMatchConnBytes 

func WithMatchConnBytes(invert bool, bytes ...int64) OptionMatchConnBytes

Match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done.

func WithMatchConnBytesDirection 

func WithMatchConnBytesDirection(dir ConnTrackDir) OptionMatchConnBytes

Which packets to consider

func WithMatchConnBytesMode 

func WithMatchConnBytesMode(mode ConnBytesMode) OptionMatchConnBytes

Whether to check the amount of packets, number of bytes transferred or the average size (in bytes) of all packets received so far. Note that when "both" is used together with "avgpkt", and data is going (mainly) only in one direction (for example HTTP), the average packet size will be about half of the actual data packets.

type OptionMatchConnLabel 

type OptionMatchConnLabel func(*MatchConnLabel)

func WithMatchConnLabel 

func WithMatchConnLabel(invert bool, label int) OptionMatchConnLabel

Matches if label number has been set on a connection. Check /etc/xtables/connlabel.conf

func WithMatchConnLabelName 

func WithMatchConnLabelName(invert bool, name string) OptionMatchConnLabel

Matches if label name has been set on a connection.

func WithMatchConnLabelSet 

func WithMatchConnLabelSet() OptionMatchConnLabel

If the label has not been set on the connection, set it.

type OptionMatchConnLimit 

type OptionMatchConnLimit func(*MatchConnLimit)

func WithMatchConnLimitAbove 

func WithMatchConnLimitAbove(above int) OptionMatchConnLimit

Match if the number of existing connections is above n.

func WithMatchConnLimitDstAddr 

func WithMatchConnLimitDstAddr() OptionMatchConnLimit

Apply the limit onto the destination group.

func WithMatchConnLimitMask 

func WithMatchConnLimitMask(mask int) OptionMatchConnLimit

Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32. For IPv6, between 0 and 128. If not specified, the maximum prefix length for the applicable protocol is used.

func WithMatchConnLimitSrcAddr 

func WithMatchConnLimitSrcAddr() OptionMatchConnLimit

Apply the limit onto the source group.

func WithMatchConnLimitUpto 

func WithMatchConnLimitUpto(upto int) OptionMatchConnLimit

Match if the number of existing connections is below or equal n.

type OptionMatchConnTrack 

type OptionMatchConnTrack func(*MatchConnTrack)

func WithMatchConnTrackDirection 

func WithMatchConnTrackDirection(dir ConnTrackDir) OptionMatchConnTrack

func WithMatchConnTrackExpire 

func WithMatchConnTrackExpire(invert bool, time ...int) OptionMatchConnTrack

This option takes mostly 2 time, (min) or (min, max)

func WithMatchConnTrackOriginDst 

func WithMatchConnTrackOriginDst(invert bool, addr *net.IPNet) OptionMatchConnTrack

func WithMatchConnTrackOriginDstPort 

func WithMatchConnTrackOriginDstPort(invert bool, port ...int) OptionMatchConnTrack

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchConnTrackOriginSrc 

func WithMatchConnTrackOriginSrc(invert bool, addr *net.IPNet) OptionMatchConnTrack

func WithMatchConnTrackOriginSrcPort 

func WithMatchConnTrackOriginSrcPort(invert bool, port ...int) OptionMatchConnTrack

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchConnTrackProtocol 

func WithMatchConnTrackProtocol(proto network.Protocol) OptionMatchConnTrack

Layer-4 protocol to match

func WithMatchConnTrackReplyDst 

func WithMatchConnTrackReplyDst(invert bool, addr *net.IPNet) OptionMatchConnTrack

func WithMatchConnTrackReplyDstPort 

func WithMatchConnTrackReplyDstPort(invert bool, port ...int) OptionMatchConnTrack

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchConnTrackReplySrc 

func WithMatchConnTrackReplySrc(invert bool, addr *net.IPNet) OptionMatchConnTrack

func WithMatchConnTrackReplySrcPort 

func WithMatchConnTrackReplySrcPort(invert bool, port ...int) OptionMatchConnTrack

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchConnTrackState 

func WithMatchConnTrackState(states ...ConnTrackState) OptionMatchConnTrack

func WithMatchConnTrackStatus 

func WithMatchConnTrackStatus(statuses ...ConnTrackStatus) OptionMatchConnTrack

type OptionMatchDCCP 

type OptionMatchDCCP func(*MatchDCCP)

func WithMatchDCCOption 

func WithMatchDCCOption(invert bool, option int) OptionMatchDCCP

Match if DCCP option set.

func WithMatchDCCPDstPort 

func WithMatchDCCPDstPort(invert bool, port ...int) OptionMatchDCCP

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchDCCPMask 

func WithMatchDCCPMask(invert bool, types ...DCCPType) OptionMatchDCCP

Match when the DCCP packet type in types.

func WithMatchDCCPSrcPort 

func WithMatchDCCPSrcPort(invert bool, port ...int) OptionMatchDCCP

This option takes mostly 2 ports, (min) or (min, max)

type OptionMatchDSCP 

type OptionMatchDSCP func(*MatchDSCP)

func WithMatchDSCPClass 

func WithMatchDSCPClass(invert bool, class DSCPClass) OptionMatchDSCP

func WithMatchDSCPValue 

func WithMatchDSCPValue(invert bool, value int) OptionMatchDSCP

Match against a numeric value [0-63].

type OptionMatchDevGroup 

type OptionMatchDevGroup func(*MatchDevGroup)

func WithMatchDevGroupDst 

func WithMatchDevGroupDst(invert bool, dst int64) OptionMatchDevGroup

Match device group of outgoing device.

func WithMatchDevGroupSrc 

func WithMatchDevGroupSrc(invert bool, src int64) OptionMatchDevGroup

Match device group of incoming device.

type OptionMatchDst 

type OptionMatchDst func(*MatchDst)

func WithMatchDstLen 

func WithMatchDstLen(invert bool, length int) OptionMatchDst

Total length of this header in octets.

func WithMatchDstOpts 

func WithMatchDstOpts(opts ...network.IPv6Option) OptionMatchDst

Numeric type of option and the length of the option data in octets.

type OptionMatchECN 

type OptionMatchECN func(*MatchECN)

func WithMatchECNCWR 

func WithMatchECNCWR(invert bool) OptionMatchECN

This matches if the TCP ECN CWR (Congestion Window Received) bit is set.

func WithMatchECNECE 

func WithMatchECNECE(invert bool) OptionMatchECN

This matches if the TCP ECN ECE (ECN Echo) bit is set.

func WithMatchECNECT 

func WithMatchECNECT(invert bool, ect int) OptionMatchECN

This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to specify a number between `0' and `3'.

type OptionMatchFrag 

type OptionMatchFrag func(*MatchFrag)

func WithMatchFragFirst 

func WithMatchFragFirst() OptionMatchFrag

Matches on the first fragment.

func WithMatchFragID 

func WithMatchFragID(invert bool, id ...int) OptionMatchFrag

This option takes mostly 2 ids, (min) or (min, max) Matches the given Identification or range of it.

func WithMatchFragLast 

func WithMatchFragLast() OptionMatchFrag

Matches if this is the last fragment.

func WithMatchFragLen 

func WithMatchFragLen(invert bool, length int) OptionMatchFrag

This option cannot be used with kernel version 2.6.10 or later. The length of Fragment header is static and this option doesn't make sense.

func WithMatchFragMore 

func WithMatchFragMore() OptionMatchFrag

Matches if there are more fragments.

func WithMatchFragReserved 

func WithMatchFragReserved() OptionMatchFrag

Matches if the reserved fields are filled with zero.

type OptionMatchHBH 

type OptionMatchHBH func(*MatchHBH)

func WithMatchHBHLength 

func WithMatchHBHLength(invert bool, length int) OptionMatchHBH

Total length of this header in octets.

func WithMatchHBHOpts 

func WithMatchHBHOpts(opts ...network.IPv6Option) OptionMatchHBH

Numeric type of option and the length of the option data in octets.

type OptionMatchHashLimit 

type OptionMatchHashLimit func(*MatchHashLimit)

func WithMatchHashLimitAbove 

func WithMatchHashLimitAbove(rate xtables.Rate) OptionMatchHashLimit

Match if the rate is above amount/quantum.

func WithMatchHashLimitBurst 

func WithMatchHashLimitBurst(burst int) OptionMatchHashLimit

Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5.

func WithMatchHashLimitDstMask 

func WithMatchHashLimitDstMask(mask int) OptionMatchHashLimit

All destination addresses encountered will be grouped according to the given prefix length and the so-created subnet will be subject to hashlimit.

func WithMatchHashLimitHashtableExpire 

func WithMatchHashLimitHashtableExpire(expire int) OptionMatchHashLimit

After how many milliseconds do hash entries expire

func WithMatchHashLimitHashtableGCInterval 

func WithMatchHashLimitHashtableGCInterval(interval int) OptionMatchHashLimit

How many milliseconds between garbage collection intervals.

func WithMatchHashLimitHashtableMax 

func WithMatchHashLimitHashtableMax(max int) OptionMatchHashLimit

The number of buckets of the hash table.

func WithMatchHashLimitHashtableSize 

func WithMatchHashLimitHashtableSize(size int) OptionMatchHashLimit

The number of buckets of the hash table.

func WithMatchHashLimitMode 

func WithMatchHashLimitMode(mode HashLimitMode) OptionMatchHashLimit

A comma-separated list of objects to take into consideration.

func WithMatchHashLimitName 

func WithMatchHashLimitName(name string) OptionMatchHashLimit

The name for the /proc/net/ipt_hashlimit/xxx entry

func WithMatchHashLimitRateInterval 

func WithMatchHashLimitRateInterval(interval int) OptionMatchHashLimit

func WithMatchHashLimitRateMatch 

func WithMatchHashLimitRateMatch() OptionMatchHashLimit

func WithMatchHashLimitSrcMask 

func WithMatchHashLimitSrcMask(mask int) OptionMatchHashLimit

All source addresses encountered will be grouped according to the given prefix length and the so-created subnet will be subject to hashlimit.

func WithMatchHashLimitUpto 

func WithMatchHashLimitUpto(rate xtables.Rate) OptionMatchHashLimit

Match if the rate is below or equal to amount/quantum.

type OptionMatchICMP 

type OptionMatchICMP func(*MatchICMP)

func WithMatchICMPCode 

func WithMatchICMPCode(code network.ICMPCode) OptionMatchICMP

type OptionMatchIPRange 

type OptionMatchIPRange func(*MatchIPRange)

func WithMatchIPRangeDst 

func WithMatchIPRangeDst(invert bool, ip ...net.IP) OptionMatchIPRange

This option takes mostly 2 ips, (min) or (min, max) Match destination IP in the specified range.

func WithMatchIPRangeSrc 

func WithMatchIPRangeSrc(invert bool, ip ...net.IP) OptionMatchIPRange

This option takes mostly 2 ips, (min) or (min, max) Match source IP in the specified range.

type OptionMatchIPVS 

type OptionMatchIPVS func(*MatchIPVS)

func WithMatchIPVS 

func WithMatchIPVS(invert bool) OptionMatchIPVS

Packet belongs to an IPVS connection.

func WithMatchVAddr 

func WithMatchVAddr(invert bool, addr network.Address) OptionMatchIPVS

VIP address to match.

func WithMatchVDir 

func WithMatchVDir(dir ConnTrackDir) OptionMatchIPVS

Flow direction of packet

func WithMatchVMethod 

func WithMatchVMethod(invert bool, method IPVSMethod) OptionMatchIPVS

IPVS forwarding method used.

func WithMatchVPort 

func WithMatchVPort(invert bool, port int) OptionMatchIPVS

VIP port to match.

func WithMatchVPortCtl 

func WithMatchVPortCtl(invert bool, portCtl int) OptionMatchIPVS

VIP port of the controlling connection to match.

func WithMatchVProto 

func WithMatchVProto(invert bool, proto network.Protocol) OptionMatchIPVS

VIP protocol to match.

type OptionMatchIPv6Header 

type OptionMatchIPv6Header func(*MatchIPv6Header)

func WithMatchIPv6Header 

func WithMatchIPv6Header(headers ...network.IPv6HeaderType) OptionMatchIPv6Header

Matches the packet which EXACTLY includes all specified headers.

func WithMatchIPv6HeaderSoft 

func WithMatchIPv6HeaderSoft() OptionMatchIPv6Header

Matches if the packet includes any of the headers specified with WithMatchIPv6Header

type OptionMatchLimit 

type OptionMatchLimit func(*MatchLimit)

func WithMatchLimit 

func WithMatchLimit(rate xtables.Rate) OptionMatchLimit

Maximum average matching rate.

func WithMatchLimitBurst 

func WithMatchLimitBurst(burst int) OptionMatchLimit

Maximum initial number of packets to match.

type OptionMatchMultiPort 

type OptionMatchMultiPort func(*MatchMultiPort)

func WithMatchMultiPortDstPortRanges added in v1.0.1 

func WithMatchMultiPortDstPortRanges(invert bool, ports ...PortRange) OptionMatchMultiPort

Match if the destination port is one of the given ports.

func WithMatchMultiPortDstPorts added in v1.0.1 

func WithMatchMultiPortDstPorts(invert bool, ports ...int) OptionMatchMultiPort

func WithMatchMultiPortPortRanges added in v1.0.1 

func WithMatchMultiPortPortRanges(invert bool, ports ...PortRange) OptionMatchMultiPort

Match if either the source or destination ports are equal to one of the given ports.

func WithMatchMultiPortSrcPortRanges added in v1.0.1 

func WithMatchMultiPortSrcPortRanges(invert bool, ports ...PortRange) OptionMatchMultiPort

Match if the source port is one of the given ports.

func WithMatchMultiPortSrcPorts added in v1.0.1 

func WithMatchMultiPortSrcPorts(invert bool, ports ...int) OptionMatchMultiPort

type OptionMatchOSF 

type OptionMatchOSF func(*MatchOSF)

func WithMatchOSFGenre 

func WithMatchOSFGenre(invert bool, genre string) OptionMatchOSF

Match an operating system genre by using a passive fingerprinting.

func WithMatchOSFLog 

func WithMatchOSFLog(log int) OptionMatchOSF

Log determined genres into dmesg even if they do not match the desired one.

func WithMatchOSFTTL 

func WithMatchOSFTTL(level int) OptionMatchOSF

Do additional TTL checks on the packet to determine the operating system.

type OptionMatchOwner 

type OptionMatchOwner func(*MatchOwner)

func WithMatchOwnerGid 

func WithMatchOwnerGid(invert bool, gid ...int) OptionMatchOwner

Matches if the packet socket's file structure is owned by the given group.

func WithMatchOwnerGroup 

func WithMatchOwnerGroup(invert bool, group string) OptionMatchOwner

Matches if the packet socket's file structure is owned by the given group.

func WithMatchOwnerSocketExists 

func WithMatchOwnerSocketExists(invert bool) OptionMatchOwner

Matches if the packet is associated with a socket.

func WithMatchOwnerSupplGroups 

func WithMatchOwnerSupplGroups() OptionMatchOwner

Group to be also checked in the supplementary groups of a process.

func WithMatchOwnerUid 

func WithMatchOwnerUid(invert bool, uid ...int) OptionMatchOwner

Matches if the packet socket's file structure (if it has one) is owned by the given user.

func WithMatchOwnerUser 

func WithMatchOwnerUser(invert bool, name string) OptionMatchOwner

Matches if the packet socket's file structure (if it has one) is owned by the given user.

type OptionMatchPhysDev 

type OptionMatchPhysDev func(*MatchPhysDev)

func WithMatchPhysDevIn 

func WithMatchPhysDevIn(invert bool, in string) OptionMatchPhysDev

Name of a bridge port via which a packet is received.

func WithMatchPhysDevIsBridged 

func WithMatchPhysDevIsBridged(invert bool) OptionMatchPhysDev

func WithMatchPhysDevIsIn 

func WithMatchPhysDevIsIn(invert bool) OptionMatchPhysDev

Matches if the packet has entered through a bridge interface.

func WithMatchPhysDevIsOut 

func WithMatchPhysDevIsOut(invert bool) OptionMatchPhysDev

Matches if the packet will leave through a bridge interface.

func WithMatchPhysDevOut 

func WithMatchPhysDevOut(invert bool, out string) OptionMatchPhysDev

Name of a bridge port via which a packet is going to be sent.

type OptionMatchPolicy 

type OptionMatchPolicy func(*MatchPolicy)

func WithMatchPolicy 

func WithMatchPolicy(pol PolicyPol) OptionMatchPolicy

Matches if the packet is subject to IPsec processing.

func WithMatchPolicyDir 

func WithMatchPolicyDir(dir xtables.Direction) OptionMatchPolicy
Used to select whether to match the policy used for decapsulation or

the policy that will be used for encapsulation.

func WithMatchPolicyElements 

func WithMatchPolicyElements(elems ...*MatchPolicyElement) OptionMatchPolicy

func WithMatchPolicyStrict 

func WithMatchPolicyStrict() OptionMatchPolicy

Selects whether to match the exact policy or match if any rule of the policy matches the given policy.

type OptionMatchRPFilter 

type OptionMatchRPFilter func(*MatchRPFilter)

func WithMatchRPFilterAcceptLocal 

func WithMatchRPFilterAcceptLocal() OptionMatchRPFilter
This will permit packets arriving from the network with a source address

that is also assigned to the local machine.

func WithMatchRPFilterInvert 

func WithMatchRPFilterInvert() OptionMatchRPFilter

This will invert the sense of the match. Instead of matching packets that passed the reverse path filter test, match those that have failed it.

func WithMatchRPFilterLoose 

func WithMatchRPFilterLoose() OptionMatchRPFilter

Used to specify that the reverse path filter test should match even if the selected output device is not the expected one.

func WithMatchRPFilterValidMark 

func WithMatchRPFilterValidMark() OptionMatchRPFilter

Also use the packets' nfmark value when performing the reverse path route lookup.

type OptionMatchRT 

type OptionMatchRT func(*MatchRT)

func WithMatchRTAddresses 

func WithMatchRTAddresses(addrs ...network.Address) OptionMatchRT

Match addresses when type == 0.

func WithMatchRTLength 

func WithMatchRTLength(invert bool, length int) OptionMatchRT

Match the length of this header.

func WithMatchRTNoStrict 

func WithMatchRTNoStrict() OptionMatchRT

List of addresses is not a strict list when type == 0.

func WithMatchRTReserved 

func WithMatchRTReserved() OptionMatchRT

Match the reserved field when type == 0.

func WithMatchRTSegsLeft 

func WithMatchRTSegsLeft(invert bool, segsleft ...int) OptionMatchRT

Takes mostly 2 values, (min) or (min, max) Match the `segments left' field (range).

func WithMatchRTType 

func WithMatchRTType(invert bool, typ int) OptionMatchRT

Match the type.

type OptionMatchRateEst 

type OptionMatchRateEst func(*MatchRateEst)

func WithMatchRateBPS 

func WithMatchRateBPS(value int) OptionMatchRateEst

func WithMatchRateBPS1 

func WithMatchRateBPS1(value int) OptionMatchRateEst

func WithMatchRateBPS2 

func WithMatchRateBPS2(value int) OptionMatchRateEst

func WithMatchRateEst1 

func WithMatchRateEst1(name string) OptionMatchRateEst

The names of the two rate estimators for relative mode.

func WithMatchRateEst2 

func WithMatchRateEst2(name string) OptionMatchRateEst

The names of the two rate estimators for relative mode.

func WithMatchRateEstDelta 

func WithMatchRateEstDelta() OptionMatchRateEst

For each estimator (either absolute or relative mode), calculate the difference between the estimator-determined flow rate and the static value chosen with the BPS/PPS options.

func WithMatchRateEstName 

func WithMatchRateEstName(name string) OptionMatchRateEst

Name of the one rate estimator for absolute mode.

func WithMatchRateEstOperator 

func WithMatchRateEstOperator(invert bool, operator xtables.Operator) OptionMatchRateEst

LT, GT or EQ

func WithMatchRatePPS 

func WithMatchRatePPS(value int) OptionMatchRateEst

func WithMatchRatePPS1 

func WithMatchRatePPS1(value int) OptionMatchRateEst

func WithMatchRatePPS2 

func WithMatchRatePPS2(value int) OptionMatchRateEst

type OptionMatchRecent 

type OptionMatchRecent func(*MatchRecent)

func WithMatchRTTL 

func WithMatchRTTL() OptionMatchRecent

see iptables-extensions

func WithMatchRecentCheck 

func WithMatchRecentCheck(invert bool) OptionMatchRecent

Check if the source address of the packet is currently in the list.

func WithMatchRecentHitCount 

func WithMatchRecentHitCount(hitCount int) OptionMatchRecent

see iptables-extensions

func WithMatchRecentMask 

func WithMatchRecentMask(mask net.IPMask) OptionMatchRecent

func WithMatchRecentName 

func WithMatchRecentName(name string) OptionMatchRecent

Specify the list to use for the commands.

func WithMatchRecentRDestination 

func WithMatchRecentRDestination() OptionMatchRecent

Match/save the destination address of each packet in the recent list table.

func WithMatchRecentRSource 

func WithMatchRecentRSource() OptionMatchRecent

Match/save the source address of each packet in the recent list table. This is the default.

func WithMatchRecentReap 

func WithMatchRecentReap() OptionMatchRecent

This option can only be used in conjunction with Seconds. When used, this will cause entries older than the last given number of seconds to be purged.

func WithMatchRecentRemove 

func WithMatchRecentRemove(invert bool) OptionMatchRecent

Check if the source address of the packet is currently in the list and if so that address will be removed from the list and the rule will return true. If the address is not found, false is returned.

func WithMatchRecentSeconds 

func WithMatchRecentSeconds(seconds int) OptionMatchRecent

This option must be used in conjunction with one of Check or Update. When used, this will narrow the match to only happen when the address is in the list and was seen within the last given number of seconds.

func WithMatchRecentSet 

func WithMatchRecentSet(invert bool) OptionMatchRecent

This will add the source address of the packet to the list. If the source address is already in the list, this will update the existing entry.

func WithMatchRecentUpdate 

func WithMatchRecentUpdate(invert bool) OptionMatchRecent

Like WithMatchRecentCheck, except it will update the "last seen" timestamp if it matches.

type OptionMatchSCTP 

type OptionMatchSCTP func(*MatchSCTP)

func WithMatchSCTPChunk 

func WithMatchSCTPChunk(invert bool, rg MatchRange, chunks ...Chunk) OptionMatchSCTP

func WithMatchSCTPDstPort 

func WithMatchSCTPDstPort(invert bool, port ...int) OptionMatchSCTP

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchSCTPSrcPort 

func WithMatchSCTPSrcPort(invert bool, port ...int) OptionMatchSCTP

This option takes mostly 2 ports, (min) or (min, max)

type OptionMatchSet 

type OptionMatchSet func(*MatchSet)

func WithMatchSetBytesEqual 

func WithMatchSetBytesEqual(value int) OptionMatchSet

func WithMatchSetBytesGreaterThan 

func WithMatchSetBytesGreaterThan(value int) OptionMatchSet

func WithMatchSetBytesLessThan 

func WithMatchSetBytesLessThan(value int) OptionMatchSet

func WithMatchSetBytesNotEqual 

func WithMatchSetBytesNotEqual(value int) OptionMatchSet

func WithMatchSetName 

func WithMatchSetName(invert bool, name string, flags ...Flag) OptionMatchSet

There can be at least on and no more than six of flags.

func WithMatchSetPacketsEqual 

func WithMatchSetPacketsEqual(value int) OptionMatchSet

func WithMatchSetPacketsGreaterThan 

func WithMatchSetPacketsGreaterThan(value int) OptionMatchSet

func WithMatchSetPacketsLessThan 

func WithMatchSetPacketsLessThan(value int) OptionMatchSet

func WithMatchSetPacketsNotEqual 

func WithMatchSetPacketsNotEqual(value int) OptionMatchSet

func WithMatchSetReturnNoMatch 

func WithMatchSetReturnNoMatch() OptionMatchSet

func WithMatchSetSkipCounterUpdate 

func WithMatchSetSkipCounterUpdate() OptionMatchSet

Default the packet and byte counters are updated, use this function to skip.

func WithMatchSetSkipSubCounterUpdate 

func WithMatchSetSkipSubCounterUpdate() OptionMatchSet

type OptionMatchSocket 

type OptionMatchSocket func(*MatchSocket)

func WithMatchSocketNoWildcard 

func WithMatchSocketNoWildcard() OptionMatchSocket

Do not ignore sockets bound to 'any' address. The socket match won't accept zero-bound listeners by default, since then local services could intercept traffic that would otherwise be forwarded. This option therefore has security implications when used to match traffic being forwarded to redirect such packets to local machine with policy routing.

func WithMatchSocketRestoreSKMark 

func WithMatchSocketRestoreSKMark() OptionMatchSocket

func WithMatchSocketTransparent 

func WithMatchSocketTransparent() OptionMatchSocket

Ignore non-transparent sockets.

type OptionMatchStatistic 

type OptionMatchStatistic func(*MatchStatistic)

func WithMatchStatisticEvery 

func WithMatchStatisticEvery(invert bool, every int) OptionMatchStatistic

Match one packet every nth packet.

func WithMatchStatisticMode 

func WithMatchStatisticMode(mode StatisticMode) OptionMatchStatistic

Set the matching mode of the matching rule.

func WithMatchStatisticPacket 

func WithMatchStatisticPacket(packet int) OptionMatchStatistic

Set the initial counter value for the nth mode.

func WithMatchStatisticProbability 

func WithMatchStatisticProbability(invert bool, probability float64) OptionMatchStatistic

Set the probability for a packet to be randomly matched.

type OptionMatchString 

type OptionMatchString func(*MatchString)

func WithMatchStringAlgo 

func WithMatchStringAlgo(algo StringAlgo) OptionMatchString

Select the pattern matching strategy.

func WithMatchStringFrom 

func WithMatchStringFrom(from int) OptionMatchString

Set the offset from which it starts looking for any matching.

func WithMatchStringHexPattern 

func WithMatchStringHexPattern(invert bool, hexPattern []byte) OptionMatchString

Matches the given pattern in hex notation.

func WithMatchStringIgnoreCase 

func WithMatchStringIgnoreCase() OptionMatchString

func WithMatchStringPattern 

func WithMatchStringPattern(invert bool, pattern string) OptionMatchString

Matches the given pattern.

func WithMatchStringTo 

func WithMatchStringTo(to int) OptionMatchString

Set the offset up to which should be scanned.

type OptionMatchTCP 

type OptionMatchTCP func(*MatchTCP)

func WithMatchTCPDstPort 

func WithMatchTCPDstPort(invert bool, port ...int) OptionMatchTCP

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchTCPFlags 

func WithMatchTCPFlags(invert bool, mask network.TCPFlag, set network.TCPFlag) OptionMatchTCP

Match when the TCP flags are as specified.

func WithMatchTCPOption 

func WithMatchTCPOption(invert bool, option int) OptionMatchTCP

func WithMatchTCPSYN 

func WithMatchTCPSYN(invert bool) OptionMatchTCP

func WithMatchTCPSrcPort 

func WithMatchTCPSrcPort(invert bool, port ...int) OptionMatchTCP

This option takes mostly 2 ports, (min) or (min, max)

type OptionMatchTTL 

type OptionMatchTTL func(*MatchTTL)

func WithMatchTTLEqual 

func WithMatchTTLEqual(ttl int) OptionMatchTTL

Matches the given TTL value.

func WithMatchTTLGreaterThan 

func WithMatchTTLGreaterThan(ttl int) OptionMatchTTL

Matches if TTL is greater than the given TTL value.

func WithMatchTTLLessThan 

func WithMatchTTLLessThan(ttl int) OptionMatchTTL

Matches if TTL is less than the given TTL value.

func WithMatchTTLNotEqual 

func WithMatchTTLNotEqual(ttl int) OptionMatchTTL

Doesn't match the given TTL value.

type OptionMatchTime 

type OptionMatchTime func(mTime *MatchTime)

func WithMatchTimeContiguous 

func WithMatchTimeContiguous() OptionMatchTime

Match this as a single time period instead distinct intervals.

func WithMatchTimeDateStart 

func WithMatchTimeDateStart(start *xtables.Date) OptionMatchTime

func WithMatchTimeDateStop 

func WithMatchTimeDateStop(top *xtables.Date) OptionMatchTime

func WithMatchTimeDaytimeStart 

func WithMatchTimeDaytimeStart(start *xtables.Daytime) OptionMatchTime

func WithMatchTimeDaytimeStop 

func WithMatchTimeDaytimeStop(top *xtables.Daytime) OptionMatchTime

func WithMatchTimeKernelTZ 

func WithMatchTimeKernelTZ() OptionMatchTime

Use the kernel timezone instead of UTC to determine whether a packet meets the time regulations.

func WithMatchTimeMonthdays 

func WithMatchTimeMonthdays(monthdays xtables.Monthday) OptionMatchTime

Match on the given days of the month.

func WithMatchTimeNotMonthdays 

func WithMatchTimeNotMonthdays(monthdays xtables.Monthday) OptionMatchTime

Match not on the given days of the month.

func WithMatchTimeNotWeekdays 

func WithMatchTimeNotWeekdays(weekdays xtables.Weekday) OptionMatchTime

Match not on the given weekdays.

func WithMatchTimeWeekdays 

func WithMatchTimeWeekdays(weekdays xtables.Weekday) OptionMatchTime

Match on the given weekdays.

type OptionMatchUDP 

type OptionMatchUDP func(*MatchUDP)

func WithMatchUDPDstPort 

func WithMatchUDPDstPort(invert bool, port ...int) OptionMatchUDP

This option takes mostly 2 ports, (min) or (min, max)

func WithMatchUDPSrcPort 

func WithMatchUDPSrcPort(invert bool, port ...int) OptionMatchUDP

This option takes mostly 2 ports, (min) or (min, max)

type OptionModprobe 

type OptionModprobe struct {
	// contains filtered or unexported fields
}

When adding or inserting rule into a chain, use command to load any necessary modules(targets, match extensions, etc).

func (OptionModprobe) Equal 

func (bo OptionModprobe) Equal(opt Option) bool

func (OptionModprobe) Long 

func (bo OptionModprobe) Long() string

func (OptionModprobe) LongArgs 

func (bo OptionModprobe) LongArgs() []string

func (*OptionModprobe) Short 

func (opt *OptionModprobe) Short() string

func (*OptionModprobe) ShortArgs 

func (opt *OptionModprobe) ShortArgs() []string

func (OptionModprobe) Type 

func (bo OptionModprobe) Type() OptionType

type OptionNumeric 

type OptionNumeric struct {
	// contains filtered or unexported fields
}

func (OptionNumeric) Equal 

func (bo OptionNumeric) Equal(opt Option) bool

func (OptionNumeric) Long 

func (bo OptionNumeric) Long() string

func (OptionNumeric) LongArgs 

func (bo OptionNumeric) LongArgs() []string

func (*OptionNumeric) Short 

func (opt *OptionNumeric) Short() string

func (*OptionNumeric) ShortArgs 

func (opt *OptionNumeric) ShortArgs() []string

func (OptionNumeric) Type 

func (bo OptionNumeric) Type() OptionType

type OptionTargetCT 

type OptionTargetCT func(*TargetCT)

func WithTargetCTEvents 

func WithTargetCTEvents(events ...CTEvent) OptionTargetCT

Only generate the specified conntrack events for this connection.

func WithTargetCTExpectEvents 

func WithTargetCTExpectEvents(events ...CTExpectEvent) OptionTargetCT

Only generate the specified expectation events for this connection.

func WithTargetCTHelper 

func WithTargetCTHelper(name string) OptionTargetCT

Use the helper identified by name for the connection. This is more flexible than loading the conntrack helper modules with preset ports.

func WithTargetCTNoTrack 

func WithTargetCTNoTrack() OptionTargetCT

Disables connection tracking for this packet.

func WithTargetCTTimeout 

func WithTargetCTTimeout(timeout string) OptionTargetCT

Use the timeout policy identified by name for the connection. This is provides more flexible timeout policy definition than global timeout values available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.

func WithTargetCTZone 

func WithTargetCTZone(id int) OptionTargetCT

func WithTargetCTZoneMark 

func WithTargetCTZoneMark() OptionTargetCT

The zone is derived from the packet nfmark

func WithTargetCTZoneOrig 

func WithTargetCTZoneOrig(id int) OptionTargetCT

func WithTargetCTZoneOrigMark 

func WithTargetCTZoneOrigMark() OptionTargetCT

The zone is derived from the packet nfmark

func WithTargetCTZoneReply 

func WithTargetCTZoneReply(id int) OptionTargetCT

func WithTargetCTZoneReplyMark 

func WithTargetCTZoneReplyMark() OptionTargetCT

The zone is derived from the packet nfmark

type OptionTargetClusterIP 

type OptionTargetClusterIP func(*TargetClusterIP)

func WithTargetClusterIPHashInit 

func WithTargetClusterIPHashInit(hashInit int) OptionTargetClusterIP

Specify the random seed used for hash initialization.

func WithTargetClusterIPHashMode 

func WithTargetClusterIPHashMode(mode ClusterIPHashMode) OptionTargetClusterIP

Specify the hashing mode.

func WithTargetClusterIPLocalNode 

func WithTargetClusterIPLocalNode(localNode int) OptionTargetClusterIP

Local node number within this cluster.

func WithTargetClusterIPMac 

func WithTargetClusterIPMac(mac net.HardwareAddr) OptionTargetClusterIP

Specify the ClusterIP MAC address.

func WithTargetClusterIPNew 

func WithTargetClusterIPNew() OptionTargetClusterIP

Create a new ClusterIP.

func WithTargetClusterIPTotalNodes 

func WithTargetClusterIPTotalNodes(totalNodes int) OptionTargetClusterIP

Number of total nodes within this cluster.

type OptionTargetConnMark 

type OptionTargetConnMark func(*TargetConnMark)

func WithTargetConnMarkAnd 

func WithTargetConnMarkAnd(mark int) OptionTargetConnMark

Binary AND the ctmark with bits.

func WithTargetConnMarkOr 

func WithTargetConnMarkOr(mark int) OptionTargetConnMark

Binary OR the ctmark with bits.

func WithTargetConnMarkRestore 

func WithTargetConnMarkRestore(mask ...int) OptionTargetConnMark

Copy the connection mark (ctmark) to the packet mark (nfmark) using the given masks. The new ctmark value is determined as follows: nfmark = (nfmark & ~nfmask) ^ (ctmark & ctmask)

func WithTargetConnMarkSaveMark 

func WithTargetConnMarkSaveMark(mask ...int) OptionTargetConnMark

Copy the packet mark (nfmark) to the connection mark (ctmark) using the given masks. The new nfmark value is determined as follows: ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)

func WithTargetConnMarkSetMark 

func WithTargetConnMarkSetMark(mark ...int) OptionTargetConnMark

Set the connection mark. If a mask is specified then only those bits set in the mask are modified.

func WithTargetConnMarkSetXMark 

func WithTargetConnMarkSetXMark(mark ...int) OptionTargetConnMark

This option takes mostly 2 value, (value) or (value, mask) Zero out the bits given by mask and XOR value into the ctmark.

func WithTargetConnMarkXor 

func WithTargetConnMarkXor(mark int) OptionTargetConnMark

Binary XOR the ctmark with bits.

type OptionTargetDNAT 

type OptionTargetDNAT func(*TargetDNAT)

func WithTargetDNATPersistent 

func WithTargetDNATPersistent() OptionTargetDNAT

func WithTargetDNATRandom 

func WithTargetDNATRandom() OptionTargetDNAT

func WithTargetDNATToAddr 

func WithTargetDNATToAddr(addr network.Address, port int) OptionTargetDNAT

func WithTargetDNATToAddrs 

func WithTargetDNATToAddrs(addrMin, addrMax network.Address, portMin, portMax int) OptionTargetDNAT

To set addr nil or port -1 means empty.

type OptionTargetDNPT 

type OptionTargetDNPT func(*TargetDNPT)

func WithTargetDNPTDstPrefix 

func WithTargetDNPTDstPrefix(prefix *net.IPNet) OptionTargetDNPT

func WithTargetDNPTSrcPrefix 

func WithTargetDNPTSrcPrefix(prefix *net.IPNet) OptionTargetDNPT

type OptionTargetDSCP 

type OptionTargetDSCP func(*TargetDSCP)

func WithTargetDSCPClass 

func WithTargetDSCPClass(class DSCPClass) OptionTargetDSCP

func WithTargetDSCPValue 

func WithTargetDSCPValue(value int) OptionTargetDSCP

Target against a numeric value [0-63].

type OptionTargetECN 

type OptionTargetECN func(*TargetECN)

func WithTargetECNRemove 

func WithTargetECNRemove() OptionTargetECN

type OptionTargetHL 

type OptionTargetHL func(*TargetHL)

func WithTargetHLDec 

func WithTargetHLDec(value int) OptionTargetHL

func WithTargetHLInc 

func WithTargetHLInc(value int) OptionTargetHL

func WithTargetHLSet 

func WithTargetHLSet(value int) OptionTargetHL

type OptionTargetHMark 

type OptionTargetHMark func(*TargetHMark)

func WithTargetHMarkDstPortMask 

func WithTargetHMarkDstPortMask(mask int) OptionTargetHMark

A 16 bit destination port mask in hexadecimal.

func WithTargetHMarkDstPrefix 

func WithTargetHMarkDstPrefix(prefix int) OptionTargetHMark

The destination address mask in CIDR notation.

func WithTargetHMarkModulus 

func WithTargetHMarkModulus(modulus int) OptionTargetHMark

Modulus for hash calculation (to limit the range of possible marks).

func WithTargetHMarkOffset 

func WithTargetHMarkOffset(offset int) OptionTargetHMark

Offset to start marks from.

func WithTargetHMarkProtoMask 

func WithTargetHMarkProtoMask(mask int) OptionTargetHMark

An 8 bit field with layer 4 protocol number.

func WithTargetHMarkRandom 

func WithTargetHMarkRandom(rnd int) OptionTargetHMark

A 32 bit random custom value to feed hash calculation.

func WithTargetHMarkSPIMask 

func WithTargetHMarkSPIMask(mask int) OptionTargetHMark

A 32 bit field with spi mask.

func WithTargetHMarkSrcPortMask 

func WithTargetHMarkSrcPortMask(mask int) OptionTargetHMark

A 16 bit source port mask in hexadecimal.

func WithTargetHMarkSrcPrefix 

func WithTargetHMarkSrcPrefix(prefix int) OptionTargetHMark

The source address mask in CIDR notation.

func WithTargetHMarkTuple 

func WithTargetHMarkTuple(tuple HMarkTuple) OptionTargetHMark

type OptionTargetIdleTimer 

type OptionTargetIdleTimer func(*TargetIdleTimer)

func WithTargetIdleTimerLabel 

func WithTargetIdleTimerLabel(label string) OptionTargetIdleTimer

This is a unique identifier for the timer. The maximum length for the label string is 27 characters.

func WithTargetIdleTimerTimeout 

func WithTargetIdleTimerTimeout(timeout int) OptionTargetIdleTimer

This is the time in seconds that will trigger the notification.

type OptionTargetLED 

type OptionTargetLED func(*TargetLED)
func WithTargetLEDAlwaysBlink() OptionTargetLED

Always make the LED blink on packet arrival, even if the LED is already on.

func WithTargetLEDDelay 

func WithTargetLEDDelay(delay int) OptionTargetLED

This indicates how long (in milliseconds) the LED should be left illuminated when a packet arrives before being switched off again.

func WithTargetLEDTriggerID 

func WithTargetLEDTriggerID(name string) OptionTargetLED

This is the name given to the LED trigger. The actual name of the trigger will be prefixed with "netfilter-".

type OptionTargetLog 

type OptionTargetLog func(*TargetLog)

func WithTargetLogIPOptions 

func WithTargetLogIPOptions() OptionTargetLog

func WithTargetLogLevel 

func WithTargetLogLevel(level LOGLevel) OptionTargetLog

func WithTargetLogPrefix 

func WithTargetLogPrefix(prefix string) OptionTargetLog

func WithTargetLogTCPOptions 

func WithTargetLogTCPOptions() OptionTargetLog

func WithTargetLogTCPSequence 

func WithTargetLogTCPSequence() OptionTargetLog

func WithTargetLogUID 

func WithTargetLogUID() OptionTargetLog

type OptionTargetMark 

type OptionTargetMark func(*TargetMark)

func WithTargetMarkAnd 

func WithTargetMarkAnd(mark int) OptionTargetMark

Binary AND the ctmark with bits.

func WithTargetMarkOr 

func WithTargetMarkOr(mark int) OptionTargetMark

Binary OR the ctmark with bits.

func WithTargetMarkSet 

func WithTargetMarkSet(mark ...int) OptionTargetMark

Zeroes out the bits given by mask and ORs value into the packet mark.

func WithTargetMarkSetX 

func WithTargetMarkSetX(mark ...int) OptionTargetMark

This option takes mostly 2 value, (value) or (value, mask) Zero out the bits given by mask and XOR value into the ctmark.

func WithTargetMarkXor 

func WithTargetMarkXor(mark int) OptionTargetMark

Binary XOR the ctmark with bits.

type OptionTargetMasquerade 

type OptionTargetMasquerade func(*TargetMasquerade)

func WithTargetMasqueradeRandom 

func WithTargetMasqueradeRandom() OptionTargetMasquerade

func WithTargetMasqueradeRandomFully 

func WithTargetMasqueradeRandomFully() OptionTargetMasquerade

func WithTargetMasqueradeToPort 

func WithTargetMasqueradeToPort(port ...int) OptionTargetMasquerade

This option takes mostly 2 ports, (min) or (min, max)

type OptionTargetNFLog 

type OptionTargetNFLog func(*TargetNFLog)

func WithTargetNFLogGroup 

func WithTargetNFLogGroup(group int) OptionTargetNFLog

The netlink group (0 - 2^16-1) to which packets are (only applicable for nfnetlink_log). The default value is 0.

func WithTargetNFLogPrefix 

func WithTargetNFLogPrefix(prefix string) OptionTargetNFLog

A prefix string to include in the log message, up to 64 characters long, useful for distinguishing messages in the logs.

func WithTargetNFLogRange 

func WithTargetNFLogRange(rg int) OptionTargetNFLog

This option has never worked, use NFLogSize instead.

func WithTargetNFLogSize 

func WithTargetNFLogSize(size int) OptionTargetNFLog

The number of bytes to be copied to userspace (only applicable for nfnetlink_log). nfnetlink_log instances may specify their own range, this option overrides it.

func WithTargetNFLogThreshold 

func WithTargetNFLogThreshold(threshold int) OptionTargetNFLog

Number of packets to queue inside the kernel before sending them to userspace (only applicable for nfnetlink_log). Higher values result in less overhead per packet, but increase delay until the packets reach userspace. The default value is 1.

type OptionTargetNFQueue 

type OptionTargetNFQueue func(*TargetNFQueue)

func WithTargetNFQueueBalance 

func WithTargetNFQueueBalance(min, max int) OptionTargetNFQueue

This specifies a range of queues to use. Packets are then balanced across the given queues. This is useful for multicore systems: start multiple instances of the userspace program on queues x, x+1, .. x+n

func WithTargetNFQueueBypass 

func WithTargetNFQueueBypass() OptionTargetNFQueue

By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued are dropped.

func WithTargetNFQueueCPUFanout 

func WithTargetNFQueueCPUFanout() OptionTargetNFQueue

Available starting Linux kernel 3.10. The idea is that you can improve performance if there's a queue per CPU.

func WithTargetNFQueueNum 

func WithTargetNFQueueNum(num int) OptionTargetNFQueue

This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0.

type OptionTargetNetmap 

type OptionTargetNetmap func(*TargetNetmap)

func WithTargetNetmapAddr 

func WithTargetNetmapAddr(addr network.Address) OptionTargetNetmap

Network address to map to.

type OptionTargetRateEst 

type OptionTargetRateEst func(*TargetRateEst)

func WithTargetRateEstEwmalog 

func WithTargetRateEstEwmalog(ewmalog float64) OptionTargetRateEst

Rate measurement averaging time constant.

func WithTargetRateEstInterval 

func WithTargetRateEstInterval(interval xtables.RateFloat) OptionTargetRateEst

Rate measurement interval, in seconds, milliseconds or microseconds.

func WithTargetRateEstName 

func WithTargetRateEstName(name string) OptionTargetRateEst

Count matched packets into the pool referred to by name, which is freely choosable.

type OptionTargetRedirect 

type OptionTargetRedirect func(*TargetRedirect)

func WithTargetRedirectRandom 

func WithTargetRedirectRandom() OptionTargetRedirect

func WithTargetRedirectToPort 

func WithTargetRedirectToPort(port ...int) OptionTargetRedirect

This option takes mostly 2 ports, (min) or (min, max)

type OptionTargetReject 

type OptionTargetReject func(*TargetReject)

func WithTargetRejectType 

func WithTargetRejectType(typ RejectType) OptionTargetReject

type OptionTargetSNAT 

type OptionTargetSNAT func(*TargetSNAT)

func WithTargetSNATPersistent 

func WithTargetSNATPersistent() OptionTargetSNAT

func WithTargetSNATRandom 

func WithTargetSNATRandom() OptionTargetSNAT

func WithTargetSNATToAddr 

func WithTargetSNATToAddr(addrMin, addrMax network.Address, portMin, portMax int) OptionTargetSNAT

To set addr nil or port -1 means empty.

type OptionTargetSNPT 

type OptionTargetSNPT func(*TargetSNPT)

func WithTargetSNPTDstPrefix 

func WithTargetSNPTDstPrefix(prefix *net.IPNet) OptionTargetSNPT

func WithTargetSNPTSrcPrefix 

func WithTargetSNPTSrcPrefix(prefix *net.IPNet) OptionTargetSNPT

type OptionTargetSYNProxy 

type OptionTargetSYNProxy func(*TargetSYNProxy)

func WithTargetSYNProxyECN 

func WithTargetSYNProxyECN() OptionTargetSYNProxy

func WithTargetSYNProxyMSS 

func WithTargetSYNProxyMSS(mss int) OptionTargetSYNProxy

Maximum segment size announced to clients. This must match the backend.

func WithTargetSYNProxySockPerm 

func WithTargetSYNProxySockPerm() OptionTargetSYNProxy

Pass client selective acknowledgement option to backend (will be disabled if not present).

func WithTargetSYNProxyTimestamp 

func WithTargetSYNProxyTimestamp() OptionTargetSYNProxy
Pass client timestamp option to backend (will be disabled if not present,

also needed for selective acknowledgement and window scaling).

func WithTargetSYNProxyWindowScale 

func WithTargetSYNProxyWindowScale(scale int) OptionTargetSYNProxy

Window scale announced to clients. This must match the backend.

type OptionTargetSame 

type OptionTargetSame func(*TargetSame)

func WithTargetSameAddr 

func WithTargetSameAddr(addr ...network.Address) OptionTargetSame

This option takes mostly 2 addrs, (min) or (min, max)

func WithTargetSameNoDst 

func WithTargetSameNoDst() OptionTargetSame

func WithTargetSameNoRandom 

func WithTargetSameNoRandom() OptionTargetSame

type OptionTargetSecMark 

type OptionTargetSecMark func(*TargetSecMark)

func WithTargetSecMarkSelCtx 

func WithTargetSecMarkSelCtx(selCtx string) OptionTargetSecMark

type OptionTargetSet 

type OptionTargetSet func(*TargetSet)

func WithTargetSetAdd 

func WithTargetSetAdd(name string, flags ...SetFlag) OptionTargetSet

func WithTargetSetDel 

func WithTargetSetDel(name string, flags ...SetFlag) OptionTargetSet

func WithTargetSetExist 

func WithTargetSetExist() OptionTargetSet

func WithTargetSetMap 

func WithTargetSetMap(name string, flags ...SetFlag) OptionTargetSet

func WithTargetSetMapMark 

func WithTargetSetMapMark() OptionTargetSet

func WithTargetSetMapPrio 

func WithTargetSetMapPrio() OptionTargetSet

func WithTargetSetMapQueue 

func WithTargetSetMapQueue() OptionTargetSet

func WithTargetSetTimeout 

func WithTargetSetTimeout(timeout int) OptionTargetSet

type OptionTargetTCPMSS 

type OptionTargetTCPMSS func(*TargetTCPMSS)

func WithTargetTCPMSS 

func WithTargetTCPMSS(mss int) OptionTargetTCPMSS

Explicitly sets MSS option to specified value.

func WithTargetTCPMSSClampMssToPmtu 

func WithTargetTCPMSSClampMssToPmtu() OptionTargetTCPMSS

type OptionTargetTCPOptStrip 

type OptionTargetTCPOptStrip func(*TargetTCPOptStrip)

func WithTargetTCPOptStripOpts 

func WithTargetTCPOptStripOpts(opts ...network.TCPOpt) OptionTargetTCPOptStrip

Strip the given option(s). The options may be specified by TCP option number or by symbolic name.

type OptionTargetTOS 

type OptionTargetTOS func(*TargetTOS)

func WithTargetTOSAnd 

func WithTargetTOSAnd(tos network.TOS) OptionTargetTOS

func WithTargetTOSOr 

func WithTargetTOSOr(tos network.TOS) OptionTargetTOS

func WithTargetTOSSet 

func WithTargetTOSSet(tos ...network.TOS) OptionTargetTOS

This option takes mostly 2 tos, (value) or (value/mask)

func WithTargetTOSXor 

func WithTargetTOSXor(tos network.TOS) OptionTargetTOS

type OptionTargetTProxy 

type OptionTargetTProxy func(*TargetTProxy)

func WithTargetTProxyMark 

func WithTargetTProxyMark(mark ...int) OptionTargetTProxy

func WithTargetTProxyOnIP 

func WithTargetTProxyOnIP(ip net.IP) OptionTargetTProxy

This specifies a destination address to use.

func WithTargetTProxyOnPort 

func WithTargetTProxyOnPort(port int) OptionTargetTProxy

This specifies a destination port to use.

type OptionTargetTTL 

type OptionTargetTTL func(*TargetTTL)

func WithTargetTTLDec 

func WithTargetTTLDec(value int) OptionTargetTTL

func WithTargetTTLInc 

func WithTargetTTLInc(value int) OptionTargetTTL

func WithTargetTTLSet 

func WithTargetTTLSet(value int) OptionTargetTTL

type OptionTargetULog 

type OptionTargetULog func(*TargetULog)

func WithTargetULogCopyRange 

func WithTargetULogCopyRange(rg int) OptionTargetULog

Number of bytes to be copied to userspace. A value of 0 always copies the entire packet, regardless of its size. Default is 0.

func WithTargetULogNetlinkGroup 

func WithTargetULogNetlinkGroup(group int) OptionTargetULog

This specifies the netlink group (1-32) to which the packet is sent. Default value is 1.

func WithTargetULogPrefix 

func WithTargetULogPrefix(prefix string) OptionTargetULog

Prefix log messages with the specified prefix; up to 32 characters long, and useful for distinguishing messages in the logs.

func WithTargetULogQueueThreshold 

func WithTargetULogQueueThreshold(threshold int) OptionTargetULog

Number of packet to queue inside kernel.

type OptionType 

type OptionType int
const (
	OptionTypeFragment OptionType = iota
	OptionTypeCounters
	OptionTypeVerbose
	OptionTypeWait
	OptionTypeWaitInterval
	OptionTypeNumeric
	OptionTypeNotNumeric
	OptionTypeExact
	OptionTypeLineNumbers
	OptionTypeModprobe
)

func (OptionType) Type 

func (ot OptionType) Type() string

func (OptionType) Value 

func (ot OptionType) Value() string

type OptionVerbose 

type OptionVerbose struct {
	// contains filtered or unexported fields
}

func (OptionVerbose) Equal 

func (bo OptionVerbose) Equal(opt Option) bool

func (*OptionVerbose) Long 

func (opt *OptionVerbose) Long() string

func (*OptionVerbose) LongArgs 

func (opt *OptionVerbose) LongArgs() []string

func (*OptionVerbose) Short 

func (opt *OptionVerbose) Short() string

func (*OptionVerbose) ShortArgs 

func (opt *OptionVerbose) ShortArgs() []string

func (OptionVerbose) Type 

func (bo OptionVerbose) Type() OptionType

type OptionWait 

type OptionWait struct {
	// contains filtered or unexported fields
}

func (OptionWait) Equal 

func (bo OptionWait) Equal(opt Option) bool

func (*OptionWait) Long 

func (opt *OptionWait) Long() string

func (*OptionWait) LongArgs 

func (opt *OptionWait) LongArgs() []string

func (*OptionWait) Short 

func (opt *OptionWait) Short() string

func (*OptionWait) ShortArgs 

func (opt *OptionWait) ShortArgs() []string

func (OptionWait) Type 

func (bo OptionWait) Type() OptionType

type OptionWaitInterval 

type OptionWaitInterval struct {
	// contains filtered or unexported fields
}

func (OptionWaitInterval) Equal 

func (bo OptionWaitInterval) Equal(opt Option) bool

func (*OptionWaitInterval) Long 

func (opt *OptionWaitInterval) Long() string

func (*OptionWaitInterval) LongArgs 

func (opt *OptionWaitInterval) LongArgs() []string

func (*OptionWaitInterval) Short 

func (opt *OptionWaitInterval) Short() string

func (*OptionWaitInterval) ShortArgs 

func (opt *OptionWaitInterval) ShortArgs() []string

func (OptionWaitInterval) Type 

func (bo OptionWaitInterval) Type() OptionType

type PktType 

type PktType int
const (
	Unicast PktType = 1 << iota
	Broadcast
	Multicast
)

func (PktType) String 

func (pktType PktType) String() string

type Policy 

type Policy struct {
	// contains filtered or unexported fields
}

func (*Policy) Long 

func (cmd *Policy) Long() string

func (*Policy) LongArgs 

func (cmd *Policy) LongArgs() []string

func (Policy) SetChainType 

func (bc Policy) SetChainType(chain ChainType)

func (*Policy) Short 

func (cmd *Policy) Short() string

func (*Policy) ShortArgs 

func (cmd *Policy) ShortArgs() []string

func (Policy) Type 

func (bc Policy) Type() CommandType

type PolicyMode 

type PolicyMode int
const (
	Tunnel PolicyMode
	Transport
	Unknown
)

func (PolicyMode) String 

func (policyMode PolicyMode) String() string

type PolicyPol 

type PolicyPol int
const (
	None PolicyPol
	IPSec
)

func (PolicyPol) String 

func (policyPol PolicyPol) String() string

type PortRange 

type PortRange struct {
	Start int
	End   int
}

0 for End means ignoring

type RejectType 

type RejectType int8
const (

	// IPv6
	Icmp6NoRoute RejectType
	NoRoute
	Icmp6AdmProhibited
	AdmProhibited
	Icmp6AddrUnreachable
	AddrUnreachable
	Icmp6PortUnreachable
	// IPv4
	IcmpNetUnreachable
	IcmpHostUnreachable
	IcmpPortUnreachable
	IcmpProtoUnreachable
	IcmpNetProhibited
	IcmpHostProhibited
	IcmpAdminProhibited
	// Both
	TcpReset
)

func (RejectType) String 

func (rejectType RejectType) String() string

type RenameChain 

type RenameChain struct {
	// contains filtered or unexported fields
}

func (*RenameChain) Long 

func (cmd *RenameChain) Long() string

func (*RenameChain) LongArgs 

func (cmd *RenameChain) LongArgs() []string

func (RenameChain) SetChainType 

func (bc RenameChain) SetChainType(chain ChainType)

func (*RenameChain) Short 

func (cmd *RenameChain) Short() string

func (*RenameChain) ShortArgs 

func (cmd *RenameChain) ShortArgs() []string

func (RenameChain) Type 

func (bc RenameChain) Type() CommandType

type Replace 

type Replace struct {
	// contains filtered or unexported fields
}

func (*Replace) Long 

func (cmd *Replace) Long() string

func (*Replace) LongArgs 

func (cmd *Replace) LongArgs() []string

func (Replace) SetChainType 

func (bc Replace) SetChainType(chain ChainType)

func (*Replace) Short 

func (cmd *Replace) Short() string

func (*Replace) ShortArgs 

func (cmd *Replace) ShortArgs() []string

func (Replace) Type 

func (bc Replace) Type() CommandType

type Rule 

type Rule struct {
	// contains filtered or unexported fields
}

func (*Rule) Chain 

func (rule *Rule) Chain() ChainType

func (*Rule) HasAllMatches 

func (rule *Rule) HasAllMatches(matches map[MatchType]Match) bool

func (*Rule) HasAllOptions 

func (rule *Rule) HasAllOptions(options map[OptionType]Option) bool

func (*Rule) HasTarget 

func (rule *Rule) HasTarget(target Target) bool

func (*Rule) Matches 

func (rule *Rule) Matches() []Match

func (*Rule) Options 

func (rule *Rule) Options() []Option

func (*Rule) Table 

func (rule *Rule) Table() TableType

func (*Rule) Target 

func (rule *Rule) Target() Target

type SCTPType 

type SCTPType int
const (
	SCTPTypeDATA             SCTPType = 0
	SCTPTypeINIT             SCTPType = 1
	SCTPTypeINITACK          SCTPType = 2
	SCTPTypeSACK             SCTPType = 3
	SCTPTypeHEARTBEAT        SCTPType = 4
	SCTPTypeHEARTBEATACK     SCTPType = 5
	SCTPTypeABORT            SCTPType = 6
	SCTPTypeSHUTDOWN         SCTPType = 7
	SCTPTypeSHUTDOWNACK      SCTPType = 8
	SCTPTypeERROR            SCTPType = 9
	SCTPTypeCOOKIEECHO       SCTPType = 10
	SCTPTypeCOOKIEACK        SCTPType = 11
	SCTPTypeECNECNE          SCTPType = 12
	SCTPTypeECNCWR           SCTPType = 13
	SCTPTypeSHUTDOWNCOMPLETE SCTPType = 14
	SCTPTypeASCONF           SCTPType = 193
	SCTPTypeASCONFACK        SCTPType = 128
	SCTPTypeFORWARDTSN       SCTPType = 192
)

func (SCTPType) String 

func (sctpType SCTPType) String() string

type SetFlag 

type SetFlag uint8
const (
	SetFlagSrc SetFlag = 1 << iota
	SetFlagDst
)

func (SetFlag) String 

func (setFlag SetFlag) String() string

type SetMode 

type SetMode uint8
const (
	SetModeAdd SetMode = 1 << iota
	SetModeDel
	SetModeMap
)

type Statement 

type Statement struct {
	// contains filtered or unexported fields
}

func NewStatement 

func NewStatement() *Statement

func (*Statement) Conflict 

func (statement *Statement) Conflict() error

func (*Statement) Elems 

func (statement *Statement) Elems() ([]string, error)

func (*Statement) String 

func (statement *Statement) String() (string, error)

type StatisticMode 

type StatisticMode int
const (
	StatisticModeRandom StatisticMode
	StatisticModeNth
)

func (StatisticMode) String 

func (statisticMode StatisticMode) String() string

type StringAlgo 

type StringAlgo int
const (
	StringAlgoBM StringAlgo
	StringAlgoKMP
)

func (StringAlgo) String 

func (stringAlgo StringAlgo) String() string

type TableType 

type TableType int
const (
	TableTypeNull     TableType = iota
	TableTypeFilter             // filter
	TableTypeNat                // nat
	TableTypeMangle             // mangle
	TableTypeRaw                // raw
	TableTypeSecurity           // security
)

func (TableType) Type 

func (tt TableType) Type() string

func (TableType) Value 

func (tt TableType) Value() string

type Target 

type Target interface {
	Type() TargetType
	Short() string
	Long() string
	ShortArgs() []string
	LongArgs() []string
	Parse([]byte) (int, bool)
	Equal(Target) bool
}

type TargetAccept 

type TargetAccept struct {
	// contains filtered or unexported fields
}

func (TargetAccept) Equal 

func (bt TargetAccept) Equal(tgt Target) bool

func (*TargetAccept) Long 

func (ta *TargetAccept) Long() string

func (*TargetAccept) LongArgs 

func (ta *TargetAccept) LongArgs() []string

func (TargetAccept) Parse 

func (bt TargetAccept) Parse([]byte) (int, bool)

func (*TargetAccept) Short 

func (ta *TargetAccept) Short() string

func (*TargetAccept) ShortArgs 

func (ta *TargetAccept) ShortArgs() []string

func (TargetAccept) Type 

func (bt TargetAccept) Type() TargetType

type TargetAudit 

type TargetAudit struct {
	AuditType AuditType
	// contains filtered or unexported fields
}

func (TargetAudit) Equal 

func (bt TargetAudit) Equal(tgt Target) bool

func (*TargetAudit) Long 

func (tAudit *TargetAudit) Long() string

func (*TargetAudit) LongArgs 

func (tAudit *TargetAudit) LongArgs() []string

func (*TargetAudit) Parse 

func (tAudit *TargetAudit) Parse(main []byte) (int, bool)

func (*TargetAudit) Short 

func (tAudit *TargetAudit) Short() string

func (*TargetAudit) ShortArgs 

func (tAudit *TargetAudit) ShortArgs() []string

func (TargetAudit) Type 

func (bt TargetAudit) Type() TargetType

type TargetCT 

type TargetCT struct {
	NoTrack      bool
	Helper       string
	Timeout      string
	Events       []CTEvent
	ExpectEvents []CTExpectEvent
	Zone         CTZone
	ZoneID       int
	Mark         bool
	// contains filtered or unexported fields
}

func (TargetCT) Equal 

func (bt TargetCT) Equal(tgt Target) bool

func (*TargetCT) Long 

func (tCT *TargetCT) Long() string

func (*TargetCT) LongArgs 

func (tCT *TargetCT) LongArgs() []string

func (*TargetCT) Parse 

func (tCT *TargetCT) Parse(main []byte) (int, bool)

func (*TargetCT) Short 

func (tCT *TargetCT) Short() string

func (*TargetCT) ShortArgs 

func (tCT *TargetCT) ShortArgs() []string

func (TargetCT) Type 

func (bt TargetCT) Type() TargetType

type TargetChecksum 

type TargetChecksum struct {
	Fill bool
	// contains filtered or unexported fields
}

func (TargetChecksum) Equal 

func (bt TargetChecksum) Equal(tgt Target) bool

func (*TargetChecksum) Long 

func (tChecksum *TargetChecksum) Long() string

func (*TargetChecksum) LongArgs 

func (tChecksum *TargetChecksum) LongArgs() []string

func (*TargetChecksum) Parse 

func (tChecksum *TargetChecksum) Parse(main []byte) (int, bool)

func (*TargetChecksum) Short 

func (tChecksum *TargetChecksum) Short() string

func (*TargetChecksum) ShortArgs 

func (tChecksum *TargetChecksum) ShortArgs() []string

func (TargetChecksum) Type 

func (bt TargetChecksum) Type() TargetType

type TargetClassify 

type TargetClassify struct {
	Major int
	Minor int
	// contains filtered or unexported fields
}

func (TargetClassify) Equal 

func (bt TargetClassify) Equal(tgt Target) bool

func (*TargetClassify) Long 

func (tClassify *TargetClassify) Long() string

func (*TargetClassify) LongArgs 

func (tClassify *TargetClassify) LongArgs() []string

func (*TargetClassify) Parse 

func (tClassify *TargetClassify) Parse(main []byte) (int, bool)

func (*TargetClassify) Short 

func (tClassify *TargetClassify) Short() string

func (*TargetClassify) ShortArgs 

func (tClassify *TargetClassify) ShortArgs() []string

func (TargetClassify) Type 

func (bt TargetClassify) Type() TargetType

type TargetClusterIP 

type TargetClusterIP struct {
	New        bool
	HashMode   ClusterIPHashMode
	Mac        net.HardwareAddr
	TotalNodes int
	LocalNode  int
	HashInit   int // randon seed
	// contains filtered or unexported fields
}

IPv4 specific

func (TargetClusterIP) Equal 

func (bt TargetClusterIP) Equal(tgt Target) bool

func (*TargetClusterIP) Long 

func (tClusterIP *TargetClusterIP) Long() string

func (*TargetClusterIP) LongArgs 

func (tClusterIP *TargetClusterIP) LongArgs() []string

func (*TargetClusterIP) Parse 

func (tClusterIP *TargetClusterIP) Parse(main []byte) (int, bool)

func (*TargetClusterIP) Short 

func (tClusterIP *TargetClusterIP) Short() string

func (*TargetClusterIP) ShortArgs 

func (tClusterIP *TargetClusterIP) ShortArgs() []string

func (TargetClusterIP) Type 

func (bt TargetClusterIP) Type() TargetType

type TargetConnMark 

type TargetConnMark struct {
	Mode   TargetConnMarkMode
	CTMark int
	CTMask int
	NFMask int
	// contains filtered or unexported fields
}

func (TargetConnMark) Equal 

func (bt TargetConnMark) Equal(tgt Target) bool

func (*TargetConnMark) Long 

func (tConnMark *TargetConnMark) Long() string

func (*TargetConnMark) LongArgs 

func (tConnMark *TargetConnMark) LongArgs() []string

func (*TargetConnMark) Parse 

func (tConnMark *TargetConnMark) Parse(main []byte) (int, bool)

func (*TargetConnMark) Short 

func (tConnMark *TargetConnMark) Short() string

func (*TargetConnMark) ShortArgs 

func (tConnMark *TargetConnMark) ShortArgs() []string

func (TargetConnMark) Type 

func (bt TargetConnMark) Type() TargetType

type TargetConnMarkMode 

type TargetConnMarkMode int8
const (
	TargetConnMarkModeAND TargetConnMarkMode
	TargetConnMarkModeOR
	TargetConnMarkModeXOR
	TargetConnMarkModeSET
	TargetConnMarkModeXSET
	TargetConnMarkModeSAVE
	TargetConnMarkModeRESTORE
)

type TargetConnSecMark 

type TargetConnSecMark struct {
	Mode TargetConnSecMarkMode
	// contains filtered or unexported fields
}

func (TargetConnSecMark) Equal 

func (bt TargetConnSecMark) Equal(tgt Target) bool

func (*TargetConnSecMark) Long 

func (tConnSecMark *TargetConnSecMark) Long() string

func (*TargetConnSecMark) LongArgs 

func (tConnSecMark *TargetConnSecMark) LongArgs() []string

func (*TargetConnSecMark) Parse 

func (tConnSecMark *TargetConnSecMark) Parse(main []byte) (int, bool)

func (*TargetConnSecMark) Short 

func (tConnSecMark *TargetConnSecMark) Short() string

func (*TargetConnSecMark) ShortArgs 

func (tConnSecMark *TargetConnSecMark) ShortArgs() []string

func (TargetConnSecMark) Type 

func (bt TargetConnSecMark) Type() TargetType

type TargetConnSecMarkMode 

type TargetConnSecMarkMode int8
const (
	TargetConnSecMarkModeSAVE TargetConnSecMarkMode
	TargetConnSecMarkModeRESTORE
)

type TargetDNAT 

type TargetDNAT struct {
	AddrMin    network.Address
	AddrMax    network.Address
	PortMin    int
	PortMax    int
	PortBase   int
	Random     bool
	Persistent bool
	// contains filtered or unexported fields
}

func (TargetDNAT) Equal 

func (bt TargetDNAT) Equal(tgt Target) bool

func (*TargetDNAT) Long 

func (tDNAT *TargetDNAT) Long() string

func (*TargetDNAT) LongArgs 

func (tDNAT *TargetDNAT) LongArgs() []string

func (*TargetDNAT) Parse 

func (tDNAT *TargetDNAT) Parse(main []byte) (int, bool)

func (*TargetDNAT) Short 

func (tDNAT *TargetDNAT) Short() string

func (*TargetDNAT) ShortArgs 

func (tDNAT *TargetDNAT) ShortArgs() []string

func (TargetDNAT) Type 

func (bt TargetDNAT) Type() TargetType

type TargetDNPT 

type TargetDNPT struct {
	SrcPrefix *net.IPNet
	DstPrefix *net.IPNet
	// contains filtered or unexported fields
}

IPv6 specific

func (TargetDNPT) Equal 

func (bt TargetDNPT) Equal(tgt Target) bool

func (*TargetDNPT) Long 

func (tDNPT *TargetDNPT) Long() string

func (*TargetDNPT) LongArgs 

func (tDNPT *TargetDNPT) LongArgs() []string

func (*TargetDNPT) Parse 

func (tDNPT *TargetDNPT) Parse(main []byte) (int, bool)

func (*TargetDNPT) Short 

func (tDNPT *TargetDNPT) Short() string

func (*TargetDNPT) ShortArgs 

func (tDNPT *TargetDNPT) ShortArgs() []string

func (TargetDNPT) Type 

func (bt TargetDNPT) Type() TargetType

type TargetDSCP 

type TargetDSCP struct {
	Value int
	// contains filtered or unexported fields
}

func (TargetDSCP) Equal 

func (bt TargetDSCP) Equal(tgt Target) bool

func (*TargetDSCP) Long 

func (tDSCP *TargetDSCP) Long() string

func (*TargetDSCP) LongArgs 

func (tDSCP *TargetDSCP) LongArgs() []string

func (*TargetDSCP) Parse 

func (tDSCP *TargetDSCP) Parse(main []byte) (int, bool)

func (*TargetDSCP) Short 

func (tDSCP *TargetDSCP) Short() string

func (*TargetDSCP) ShortArgs 

func (tDSCP *TargetDSCP) ShortArgs() []string

func (TargetDSCP) Type 

func (bt TargetDSCP) Type() TargetType

type TargetDrop 

type TargetDrop struct {
	// contains filtered or unexported fields
}

func (TargetDrop) Equal 

func (bt TargetDrop) Equal(tgt Target) bool

func (*TargetDrop) Long 

func (ta *TargetDrop) Long() string

func (*TargetDrop) LongArgs 

func (ta *TargetDrop) LongArgs() []string

func (TargetDrop) Parse 

func (bt TargetDrop) Parse([]byte) (int, bool)

func (*TargetDrop) Short 

func (ta *TargetDrop) Short() string

func (*TargetDrop) ShortArgs 

func (ta *TargetDrop) ShortArgs() []string

func (TargetDrop) Type 

func (bt TargetDrop) Type() TargetType

type TargetECN 

type TargetECN struct {
	TCPRemove bool
	// contains filtered or unexported fields
}

IPv4 specific

func (TargetECN) Equal 

func (bt TargetECN) Equal(tgt Target) bool

func (*TargetECN) Long 

func (tECN *TargetECN) Long() string

func (*TargetECN) LongArgs 

func (tECN *TargetECN) LongArgs() []string

func (*TargetECN) Parse 

func (tECN *TargetECN) Parse(main []byte) (int, bool)

func (*TargetECN) Short 

func (tECN *TargetECN) Short() string

func (*TargetECN) ShortArgs 

func (tECN *TargetECN) ShortArgs() []string

func (TargetECN) Type 

func (bt TargetECN) Type() TargetType

type TargetEmpty 

type TargetEmpty struct {
	// contains filtered or unexported fields
}

func (TargetEmpty) Equal 

func (bt TargetEmpty) Equal(tgt Target) bool

func (TargetEmpty) Long 

func (bt TargetEmpty) Long() string

func (TargetEmpty) LongArgs 

func (bt TargetEmpty) LongArgs() []string

func (TargetEmpty) Parse 

func (bt TargetEmpty) Parse([]byte) (int, bool)

func (TargetEmpty) Short 

func (bt TargetEmpty) Short() string

func (TargetEmpty) ShortArgs 

func (bt TargetEmpty) ShortArgs() []string

func (TargetEmpty) Type 

func (bt TargetEmpty) Type() TargetType

type TargetGotoChain 

type TargetGotoChain struct {
	// contains filtered or unexported fields
}

func (TargetGotoChain) Equal 

func (bt TargetGotoChain) Equal(tgt Target) bool

func (*TargetGotoChain) Long 

func (ta *TargetGotoChain) Long() string

func (*TargetGotoChain) LongArgs 

func (ta *TargetGotoChain) LongArgs() []string

func (TargetGotoChain) Parse 

func (bt TargetGotoChain) Parse([]byte) (int, bool)

func (*TargetGotoChain) Short 

func (ta *TargetGotoChain) Short() string

func (*TargetGotoChain) ShortArgs 

func (ta *TargetGotoChain) ShortArgs() []string

func (TargetGotoChain) Type 

func (bt TargetGotoChain) Type() TargetType

type TargetHL 

type TargetHL struct {
	Operator xtables.Operator
	Value    int
	// contains filtered or unexported fields
}

IPv6 specific

func (TargetHL) Equal 

func (bt TargetHL) Equal(tgt Target) bool

func (*TargetHL) Long 

func (tHL *TargetHL) Long() string

func (*TargetHL) LongArgs 

func (tHL *TargetHL) LongArgs() []string

func (*TargetHL) Parse 

func (tHL *TargetHL) Parse(main []byte) (int, bool)

func (*TargetHL) Short 

func (tHL *TargetHL) Short() string

func (*TargetHL) ShortArgs 

func (tHL *TargetHL) ShortArgs() []string

func (TargetHL) Type 

func (bt TargetHL) Type() TargetType

type TargetHMark 

type TargetHMark struct {
	Modulus     int
	Offset      int
	Tuple       HMarkTuple
	SrcPrefix   int
	DstPrefix   int
	SrcPortMask int
	DstPortMask int
	SPIMask     int
	SrcPort     int
	DstPort     int
	SPI         int
	ProtoMask   int
	Random      int
	// contains filtered or unexported fields
}

func (TargetHMark) Equal 

func (bt TargetHMark) Equal(tgt Target) bool

func (*TargetHMark) Long 

func (tHMark *TargetHMark) Long() string

func (*TargetHMark) LongArgs 

func (tHMark *TargetHMark) LongArgs() []string

func (*TargetHMark) Parse 

func (tHMark *TargetHMark) Parse(main []byte) (int, bool)

func (*TargetHMark) Short 

func (tHMark *TargetHMark) Short() string

func (*TargetHMark) ShortArgs 

func (tHMark *TargetHMark) ShortArgs() []string

func (TargetHMark) Type 

func (bt TargetHMark) Type() TargetType

type TargetIdleTimer 

type TargetIdleTimer struct {
	Timeout int
	Label   string
	Alarm   bool
	// contains filtered or unexported fields
}

func (TargetIdleTimer) Equal 

func (bt TargetIdleTimer) Equal(tgt Target) bool

func (*TargetIdleTimer) Long 

func (tIdleTimer *TargetIdleTimer) Long() string

func (*TargetIdleTimer) LongArgs 

func (tIdleTimer *TargetIdleTimer) LongArgs() []string

func (*TargetIdleTimer) Parse 

func (tIdleTimer *TargetIdleTimer) Parse(main []byte) (int, bool)

func (*TargetIdleTimer) Short 

func (tIdleTimer *TargetIdleTimer) Short() string

func (*TargetIdleTimer) ShortArgs 

func (tIdleTimer *TargetIdleTimer) ShortArgs() []string

func (TargetIdleTimer) Type 

func (bt TargetIdleTimer) Type() TargetType

type TargetJumpChain 

type TargetJumpChain struct {
	// contains filtered or unexported fields
}

func (TargetJumpChain) Equal 

func (bt TargetJumpChain) Equal(tgt Target) bool

func (*TargetJumpChain) Long 

func (ta *TargetJumpChain) Long() string

func (*TargetJumpChain) LongArgs 

func (ta *TargetJumpChain) LongArgs() []string

func (TargetJumpChain) Parse 

func (bt TargetJumpChain) Parse([]byte) (int, bool)

func (*TargetJumpChain) Short 

func (ta *TargetJumpChain) Short() string

func (*TargetJumpChain) ShortArgs 

func (ta *TargetJumpChain) ShortArgs() []string

func (TargetJumpChain) Type 

func (bt TargetJumpChain) Type() TargetType

type TargetLED 

type TargetLED struct {
	TriggerID   string
	Delay       int // -1 meaning infinite
	AlwaysBlink bool
	// contains filtered or unexported fields
}

func (TargetLED) Equal 

func (bt TargetLED) Equal(tgt Target) bool

func (*TargetLED) Long 

func (tLED *TargetLED) Long() string

func (*TargetLED) LongArgs 

func (tLED *TargetLED) LongArgs() []string

func (*TargetLED) Parse 

func (tLED *TargetLED) Parse(main []byte) (int, bool)

func (*TargetLED) Short 

func (tLED *TargetLED) Short() string

func (*TargetLED) ShortArgs 

func (tLED *TargetLED) ShortArgs() []string

func (TargetLED) Type 

func (bt TargetLED) Type() TargetType

type TargetLog 

type TargetLog struct {
	Level       LOGLevel
	Prefix      string
	TCPSequence bool
	TCPOptions  bool
	IPOptions   bool
	UID         bool
	// contains filtered or unexported fields
}

func (TargetLog) Equal 

func (bt TargetLog) Equal(tgt Target) bool

func (*TargetLog) Long 

func (tLOG *TargetLog) Long() string

func (*TargetLog) LongArgs 

func (tLOG *TargetLog) LongArgs() []string

func (*TargetLog) Parse 

func (tLOG *TargetLog) Parse(main []byte) (int, bool)

func (*TargetLog) Short 

func (tLOG *TargetLog) Short() string

func (*TargetLog) ShortArgs 

func (tLOG *TargetLog) ShortArgs() []string

func (TargetLog) Type 

func (bt TargetLog) Type() TargetType

type TargetMark 

type TargetMark struct {
	Operator xtables.Operator
	Mark     int
	Mask     int
	// contains filtered or unexported fields
}

func (TargetMark) Equal 

func (bt TargetMark) Equal(tgt Target) bool

func (*TargetMark) Long 

func (tMark *TargetMark) Long() string

func (*TargetMark) LongArgs 

func (tMark *TargetMark) LongArgs() []string

func (*TargetMark) Parse 

func (tMark *TargetMark) Parse(main []byte) (int, bool)

func (*TargetMark) Short 

func (tMark *TargetMark) Short() string

func (*TargetMark) ShortArgs 

func (tMark *TargetMark) ShortArgs() []string

func (TargetMark) Type 

func (bt TargetMark) Type() TargetType

type TargetMasquerade 

type TargetMasquerade struct {
	PortMin     int
	PortMax     int
	Random      bool
	RandomFully bool
	// contains filtered or unexported fields
}

func (TargetMasquerade) Equal 

func (bt TargetMasquerade) Equal(tgt Target) bool

func (*TargetMasquerade) Long 

func (tMasquerade *TargetMasquerade) Long() string

func (*TargetMasquerade) LongArgs 

func (tMasquerade *TargetMasquerade) LongArgs() []string

func (*TargetMasquerade) Parse 

func (tMasquerade *TargetMasquerade) Parse(main []byte) (int, bool)

func (*TargetMasquerade) Short 

func (tMasquerade *TargetMasquerade) Short() string

func (*TargetMasquerade) ShortArgs 

func (tMasquerade *TargetMasquerade) ShortArgs() []string

func (TargetMasquerade) Type 

func (bt TargetMasquerade) Type() TargetType

type TargetNFLog 

type TargetNFLog struct {
	Prefix    string
	Group     int
	Range     int
	Size      int
	Threshold int
	// contains filtered or unexported fields
}

func (TargetNFLog) Equal 

func (bt TargetNFLog) Equal(tgt Target) bool

func (*TargetNFLog) Long 

func (tNFLog *TargetNFLog) Long() string

func (*TargetNFLog) LongArgs 

func (tNFLog *TargetNFLog) LongArgs() []string

func (*TargetNFLog) Parse 

func (tNFLog *TargetNFLog) Parse(main []byte) (int, bool)

func (*TargetNFLog) Short 

func (tNFLog *TargetNFLog) Short() string

func (*TargetNFLog) ShortArgs 

func (tNFLog *TargetNFLog) ShortArgs() []string

func (TargetNFLog) Type 

func (bt TargetNFLog) Type() TargetType

type TargetNFQueue 

type TargetNFQueue struct {
	QueueMin  int
	QueueMax  int
	Bypass    bool
	CPUFanout bool
	// contains filtered or unexported fields
}

func (TargetNFQueue) Equal 

func (bt TargetNFQueue) Equal(tgt Target) bool

func (*TargetNFQueue) Long 

func (tNFQueue *TargetNFQueue) Long() string

func (*TargetNFQueue) LongArgs 

func (tNFQueue *TargetNFQueue) LongArgs() []string

func (*TargetNFQueue) Parse 

func (tNFQueue *TargetNFQueue) Parse(main []byte) (int, bool)

func (*TargetNFQueue) Short 

func (tNFQueue *TargetNFQueue) Short() string

func (*TargetNFQueue) ShortArgs 

func (tNFQueue *TargetNFQueue) ShortArgs() []string

func (TargetNFQueue) Type 

func (bt TargetNFQueue) Type() TargetType

type TargetNetmap 

type TargetNetmap struct {
	Addr network.Address
	// contains filtered or unexported fields
}

func (TargetNetmap) Equal 

func (bt TargetNetmap) Equal(tgt Target) bool

func (*TargetNetmap) Long 

func (tNetmap *TargetNetmap) Long() string

func (*TargetNetmap) LongArgs 

func (tNetmap *TargetNetmap) LongArgs() []string

func (*TargetNetmap) Parse 

func (tNetmap *TargetNetmap) Parse(main []byte) (int, bool)

func (*TargetNetmap) Short 

func (tNetmap *TargetNetmap) Short() string

func (*TargetNetmap) ShortArgs 

func (tNetmap *TargetNetmap) ShortArgs() []string

func (TargetNetmap) Type 

func (bt TargetNetmap) Type() TargetType

type TargetRateEst 

type TargetRateEst struct {
	Name     string
	Interval xtables.RateFloat
	Ewmalog  float64
	// contains filtered or unexported fields
}

func (TargetRateEst) Equal 

func (bt TargetRateEst) Equal(tgt Target) bool

func (*TargetRateEst) Long 

func (tRateEst *TargetRateEst) Long() string

func (*TargetRateEst) LongArgs 

func (tRateEst *TargetRateEst) LongArgs() []string

func (*TargetRateEst) Parse 

func (tRateEst *TargetRateEst) Parse(main []byte) (int, bool)

func (*TargetRateEst) Short 

func (tRateEst *TargetRateEst) Short() string

func (*TargetRateEst) ShortArgs 

func (tRateEst *TargetRateEst) ShortArgs() []string

func (TargetRateEst) Type 

func (bt TargetRateEst) Type() TargetType

type TargetRedirect 

type TargetRedirect struct {
	PortMin int
	PortMax int
	Random  bool
	// contains filtered or unexported fields
}

func (TargetRedirect) Equal 

func (bt TargetRedirect) Equal(tgt Target) bool

func (*TargetRedirect) Long 

func (tRedirect *TargetRedirect) Long() string

func (*TargetRedirect) LongArgs 

func (tRedirect *TargetRedirect) LongArgs() []string

func (*TargetRedirect) Parse 

func (tRedirect *TargetRedirect) Parse(main []byte) (int, bool)

func (*TargetRedirect) Short 

func (tRedirect *TargetRedirect) Short() string

func (*TargetRedirect) ShortArgs 

func (tRedirect *TargetRedirect) ShortArgs() []string

func (TargetRedirect) Type 

func (bt TargetRedirect) Type() TargetType

type TargetReject 

type TargetReject struct {
	RejectType RejectType
	// contains filtered or unexported fields
}

func (TargetReject) Equal 

func (bt TargetReject) Equal(tgt Target) bool

func (*TargetReject) Long 

func (tReject *TargetReject) Long() string

func (*TargetReject) LongArgs 

func (tReject *TargetReject) LongArgs() []string

func (*TargetReject) Parse 

func (tReject *TargetReject) Parse(main []byte) (int, bool)

func (*TargetReject) Short 

func (tReject *TargetReject) Short() string

func (*TargetReject) ShortArgs 

func (tReject *TargetReject) ShortArgs() []string

func (TargetReject) Type 

func (bt TargetReject) Type() TargetType

type TargetReturn 

type TargetReturn struct {
	// contains filtered or unexported fields
}

func (TargetReturn) Equal 

func (bt TargetReturn) Equal(tgt Target) bool

func (*TargetReturn) Long 

func (ta *TargetReturn) Long() string

func (*TargetReturn) LongArgs 

func (ta *TargetReturn) LongArgs() []string

func (TargetReturn) Parse 

func (bt TargetReturn) Parse([]byte) (int, bool)

func (*TargetReturn) Short 

func (ta *TargetReturn) Short() string

func (*TargetReturn) ShortArgs 

func (ta *TargetReturn) ShortArgs() []string

func (TargetReturn) Type 

func (bt TargetReturn) Type() TargetType

type TargetSNAT 

type TargetSNAT struct {
	AddrMin    network.Address
	AddrMax    network.Address
	PortMin    int
	PortMax    int
	PortBase   int
	Random     bool
	Persistent bool
	// contains filtered or unexported fields
}

func (TargetSNAT) Equal 

func (bt TargetSNAT) Equal(tgt Target) bool

func (*TargetSNAT) Long 

func (tSNAT *TargetSNAT) Long() string

func (*TargetSNAT) LongArgs 

func (tSNAT *TargetSNAT) LongArgs() []string

func (*TargetSNAT) Parse 

func (tSNAT *TargetSNAT) Parse(main []byte) (int, bool)

func (*TargetSNAT) Short 

func (tSNAT *TargetSNAT) Short() string

func (*TargetSNAT) ShortArgs 

func (tSNAT *TargetSNAT) ShortArgs() []string

func (TargetSNAT) Type 

func (bt TargetSNAT) Type() TargetType

type TargetSNPT 

type TargetSNPT struct {
	SrcPrefix *net.IPNet
	DstPrefix *net.IPNet
	// contains filtered or unexported fields
}

IPv6 specific

func (TargetSNPT) Equal 

func (bt TargetSNPT) Equal(tgt Target) bool

func (*TargetSNPT) Long 

func (tSNPT *TargetSNPT) Long() string

func (*TargetSNPT) LongArgs 

func (tSNPT *TargetSNPT) LongArgs() []string

func (*TargetSNPT) Parse 

func (tSNPT *TargetSNPT) Parse(main []byte) (int, bool)

func (*TargetSNPT) Short 

func (tSNPT *TargetSNPT) Short() string

func (*TargetSNPT) ShortArgs 

func (tSNPT *TargetSNPT) ShortArgs() []string

func (TargetSNPT) Type 

func (bt TargetSNPT) Type() TargetType

type TargetSYNProxy 

type TargetSYNProxy struct {
	WindowScale int
	MSS         int
	SockPerm    bool
	Timestamp   bool
	ECN         bool
	// contains filtered or unexported fields
}

func (TargetSYNProxy) Equal 

func (bt TargetSYNProxy) Equal(tgt Target) bool

func (*TargetSYNProxy) Long 

func (tSYNProxy *TargetSYNProxy) Long() string

func (*TargetSYNProxy) LongArgs 

func (tSYNProxy *TargetSYNProxy) LongArgs() []string

func (*TargetSYNProxy) Parse 

func (tSYNProxy *TargetSYNProxy) Parse(main []byte) (int, bool)

func (*TargetSYNProxy) Short 

func (tSYNProxy *TargetSYNProxy) Short() string

func (*TargetSYNProxy) ShortArgs 

func (tSYNProxy *TargetSYNProxy) ShortArgs() []string

func (TargetSYNProxy) Type 

func (bt TargetSYNProxy) Type() TargetType

type TargetSame 

type TargetSame struct {
	AddrMin network.Address
	AddrMax network.Address
	NoDst   bool
	Random  bool
	// contains filtered or unexported fields
}

TODO untested in the real world IPv4 specific

func (TargetSame) Equal 

func (bt TargetSame) Equal(tgt Target) bool

func (*TargetSame) Long 

func (tSame *TargetSame) Long() string

func (*TargetSame) LongArgs 

func (tSame *TargetSame) LongArgs() []string

func (*TargetSame) Parse 

func (tSame *TargetSame) Parse(main []byte) (int, bool)

func (*TargetSame) Short 

func (tSame *TargetSame) Short() string

func (*TargetSame) ShortArgs 

func (tSame *TargetSame) ShortArgs() []string

func (TargetSame) Type 

func (bt TargetSame) Type() TargetType

type TargetSecMark 

type TargetSecMark struct {
	SelCtx string
	// contains filtered or unexported fields
}

TODO untested in the real world

func (TargetSecMark) Equal 

func (bt TargetSecMark) Equal(tgt Target) bool

func (*TargetSecMark) Long 

func (tSecMark *TargetSecMark) Long() string

func (*TargetSecMark) LongArgs 

func (tSecMark *TargetSecMark) LongArgs() []string

func (*TargetSecMark) Parse 

func (tSecMark *TargetSecMark) Parse(main []byte) (int, bool)

func (*TargetSecMark) Short 

func (tSecMark *TargetSecMark) Short() string

func (*TargetSecMark) ShortArgs 

func (tSecMark *TargetSecMark) ShortArgs() []string

func (TargetSecMark) Type 

func (bt TargetSecMark) Type() TargetType

type TargetSet 

type TargetSet struct {
	Mode     SetMode
	Name     string
	Flags    []SetFlag
	Timeout  int
	Exist    bool
	MapMark  bool
	MapPrio  bool
	MapQueue bool
	// contains filtered or unexported fields
}

func (TargetSet) Equal 

func (bt TargetSet) Equal(tgt Target) bool

func (*TargetSet) Long 

func (tSet *TargetSet) Long() string

func (*TargetSet) LongArgs 

func (tSet *TargetSet) LongArgs() []string

func (*TargetSet) Parse 

func (tSet *TargetSet) Parse(main []byte) (int, bool)

func (*TargetSet) Short 

func (tSet *TargetSet) Short() string

func (*TargetSet) ShortArgs 

func (tSet *TargetSet) ShortArgs() []string

func (TargetSet) Type 

func (bt TargetSet) Type() TargetType

type TargetTCPMSS 

type TargetTCPMSS struct {
	MSS            int
	ClampMssToPmtu bool
	// contains filtered or unexported fields
}

func (TargetTCPMSS) Equal 

func (bt TargetTCPMSS) Equal(tgt Target) bool

func (*TargetTCPMSS) Long 

func (tTCPMSS *TargetTCPMSS) Long() string

func (*TargetTCPMSS) LongArgs 

func (tTCPMSS *TargetTCPMSS) LongArgs() []string

func (*TargetTCPMSS) Parse 

func (tTCPMSS *TargetTCPMSS) Parse(main []byte) (int, bool)

func (*TargetTCPMSS) Short 

func (tTCPMSS *TargetTCPMSS) Short() string

func (*TargetTCPMSS) ShortArgs 

func (tTCPMSS *TargetTCPMSS) ShortArgs() []string

func (TargetTCPMSS) Type 

func (bt TargetTCPMSS) Type() TargetType

type TargetTCPOptStrip 

type TargetTCPOptStrip struct {
	Opts []network.TCPOpt
	// contains filtered or unexported fields
}

func (TargetTCPOptStrip) Equal 

func (bt TargetTCPOptStrip) Equal(tgt Target) bool

func (*TargetTCPOptStrip) Long 

func (tTCPOptStrip *TargetTCPOptStrip) Long() string

func (*TargetTCPOptStrip) LongArgs 

func (tTCPOptStrip *TargetTCPOptStrip) LongArgs() []string

func (*TargetTCPOptStrip) Parse 

func (tTCPOptStrip *TargetTCPOptStrip) Parse(main []byte) (int, bool)

func (*TargetTCPOptStrip) Short 

func (tTCPOptStrip *TargetTCPOptStrip) Short() string

func (*TargetTCPOptStrip) ShortArgs 

func (tTCPOptStrip *TargetTCPOptStrip) ShortArgs() []string

func (TargetTCPOptStrip) Type 

func (bt TargetTCPOptStrip) Type() TargetType

type TargetTEE 

type TargetTEE struct {
	Gateway net.IP
	// contains filtered or unexported fields
}

func (TargetTEE) Equal 

func (bt TargetTEE) Equal(tgt Target) bool

func (*TargetTEE) Long 

func (tTEE *TargetTEE) Long() string

func (*TargetTEE) LongArgs 

func (tTEE *TargetTEE) LongArgs() []string

func (*TargetTEE) Parse 

func (tTEE *TargetTEE) Parse(main []byte) (int, bool)

func (*TargetTEE) Short 

func (tTEE *TargetTEE) Short() string

func (*TargetTEE) ShortArgs 

func (tTEE *TargetTEE) ShortArgs() []string

func (TargetTEE) Type 

func (bt TargetTEE) Type() TargetType

type TargetTOS 

type TargetTOS struct {
	Operator xtables.Operator
	Value    network.TOS
	Mask     network.TOS
	// contains filtered or unexported fields
}

func (TargetTOS) Equal 

func (bt TargetTOS) Equal(tgt Target) bool

func (*TargetTOS) Long 

func (tTOS *TargetTOS) Long() string

func (*TargetTOS) LongArgs 

func (tTOS *TargetTOS) LongArgs() []string

func (*TargetTOS) Parse 

func (tTOS *TargetTOS) Parse(main []byte) (int, bool)

func (*TargetTOS) Short 

func (tTOS *TargetTOS) Short() string

func (*TargetTOS) ShortArgs 

func (tTOS *TargetTOS) ShortArgs() []string

func (TargetTOS) Type 

func (bt TargetTOS) Type() TargetType

type TargetTProxy 

type TargetTProxy struct {
	IP    net.IP
	Port  int
	Value int
	Mask  int
	// contains filtered or unexported fields
}

func (TargetTProxy) Equal 

func (bt TargetTProxy) Equal(tgt Target) bool

func (*TargetTProxy) Long 

func (tTProxy *TargetTProxy) Long() string

func (*TargetTProxy) LongArgs 

func (tTProxy *TargetTProxy) LongArgs() []string

func (*TargetTProxy) Parse 

func (tTProxy *TargetTProxy) Parse(main []byte) (int, bool)

func (*TargetTProxy) Short 

func (tTProxy *TargetTProxy) Short() string

func (*TargetTProxy) ShortArgs 

func (tTProxy *TargetTProxy) ShortArgs() []string

func (TargetTProxy) Type 

func (bt TargetTProxy) Type() TargetType

type TargetTTL 

type TargetTTL struct {
	Operator xtables.Operator
	Value    int
	// contains filtered or unexported fields
}

IPv4 specific

func (TargetTTL) Equal 

func (bt TargetTTL) Equal(tgt Target) bool

func (*TargetTTL) Long 

func (tTTL *TargetTTL) Long() string

func (*TargetTTL) LongArgs 

func (tTTL *TargetTTL) LongArgs() []string

func (*TargetTTL) Parse 

func (tTTL *TargetTTL) Parse(main []byte) (int, bool)

func (*TargetTTL) Short 

func (tTTL *TargetTTL) Short() string

func (*TargetTTL) ShortArgs 

func (tTTL *TargetTTL) ShortArgs() []string

func (TargetTTL) Type 

func (bt TargetTTL) Type() TargetType

type TargetTrace 

type TargetTrace struct {
	// contains filtered or unexported fields
}

func (TargetTrace) Equal 

func (bt TargetTrace) Equal(tgt Target) bool

func (*TargetTrace) Long 

func (tTrace *TargetTrace) Long() string

func (*TargetTrace) LongArgs 

func (tTrace *TargetTrace) LongArgs() []string

func (TargetTrace) Parse 

func (bt TargetTrace) Parse([]byte) (int, bool)

func (*TargetTrace) Short 

func (tTrace *TargetTrace) Short() string

func (*TargetTrace) ShortArgs 

func (tTrace *TargetTrace) ShortArgs() []string

func (TargetTrace) Type 

func (bt TargetTrace) Type() TargetType

type TargetType 

type TargetType int
const (
	TargetTypeNull TargetType = iota
	TargetTypeAccept
	TargetTypeDrop
	TargetTypeReturn
	TargetTypeJumpChain // jump chain
	TargetTypeGotoChain // goto chain
	TargetTypeAudit
	TargetTypeCheckSum
	TargetTypeClassify
	TargetTypeClusterIP
	TargetTypeConnMark
	TargetTypeConnSecMark
	TargetTypeCT
	TargetTypeDNAT
	TargetTypeDNPT
	TargetTypeDSCP
	TargetTypeECN
	TargetTypeHL
	TargetTypeHMark
	TargetTypeIdleTimer
	TargetTypeLED
	TargetTypeLog
	TargetTypeMark
	TargetTypeMasquerade
	TargetTypeMirror // unsupport
	TargetTypeNetmap
	TargetTypeNFLog
	TargetTypeNFQueue
	TargetTypeNoTrack // unsupport
	TargetTypeRateEst
	TargetTypeRedirect
	TargetTypeReject
	TargetTypeSame
	TargetTypeSecMark
	TargetTypeSet
	TargetTypeSNAT
	TargetTypeSNPT
	TargetTypeSYNProxy
	TargetTypeTCPMSS
	TargetTypeTCPOptStrip
	TargetTypeTEE
	TargetTypeTOS
	TargetTypeTProxy
	TargetTypeTrace
	TargetTypeTTL
	TargetTypeULog
	TargetTypeEmpty
)

func (TargetType) String 

func (tt TargetType) String() string

func (TargetType) Type 

func (tt TargetType) Type() string

func (TargetType) Value 

func (tt TargetType) Value() string

type TargetULog 

type TargetULog struct {
	NetlinkGroup   int
	Prefix         string
	CopyRange      int
	QueueThreshold int
	// contains filtered or unexported fields
}

TODO untested in the real world IPv4 specific Deprecated

func (TargetULog) Equal 

func (bt TargetULog) Equal(tgt Target) bool

func (*TargetULog) Long 

func (tULog *TargetULog) Long() string

func (*TargetULog) LongArgs 

func (tULog *TargetULog) LongArgs() []string

func (*TargetULog) Parse 

func (tULog *TargetULog) Parse(main []byte) (int, bool)

func (*TargetULog) Short 

func (tULog *TargetULog) Short() string

func (*TargetULog) ShortArgs 

func (tULog *TargetULog) ShortArgs() []string

func (TargetULog) Type 

func (bt TargetULog) Type() TargetType

type TargetUnknown 

type TargetUnknown struct {
	// contains filtered or unexported fields
}

func (TargetUnknown) Equal 

func (bt TargetUnknown) Equal(tgt Target) bool

func (TargetUnknown) Long 

func (bt TargetUnknown) Long() string

func (TargetUnknown) LongArgs 

func (bt TargetUnknown) LongArgs() []string

func (TargetUnknown) Parse 

func (bt TargetUnknown) Parse([]byte) (int, bool)

func (TargetUnknown) Short 

func (bt TargetUnknown) Short() string

func (TargetUnknown) ShortArgs 

func (bt TargetUnknown) ShortArgs() []string

func (TargetUnknown) Type 

func (bt TargetUnknown) Type() TargetType

func (*TargetUnknown) Unknown 

func (tu *TargetUnknown) Unknown() string

type Zero 

type Zero struct {
	// contains filtered or unexported fields
}

func (*Zero) Long 

func (cmd *Zero) Long() string

func (*Zero) LongArgs 

func (cmd *Zero) LongArgs() []string

func (Zero) SetChainType 

func (bc Zero) SetChainType(chain ChainType)

func (*Zero) Short 

func (cmd *Zero) Short() string

func (*Zero) ShortArgs 

func (cmd *Zero) ShortArgs() []string

func (Zero) Type 

func (bc Zero) Type() CommandType

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.