 Documentation
Overview
Package iptables provides an interface and implementations for running iptables commands.
Constants
const LockfilePath16x = "/run/xtables.lock"
const MinCheckVersion = "1.4.11"
Versions of iptables less than this do not support the -C / --check flag (test whether a rule exists).
const WaitMinVersion = "1.4.20"
Minimum iptables versions supporting the -w and -w<seconds> flags
const WaitSecondsMinVersion = "1.4.22"
const WaitSecondsValue = "5"
const WaitString = "-w"
Variables
This section is empty.
Functions
func GetChainLines (added in v1.3.0)
GetChainLines parses a table's iptables-save data to find chains in the table. It returns a map of iptables.Chain to []byte where the []byte is the chain line from save (with counters etc.). Note that to avoid allocations memory is SHARED with save.
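The shared-memory note above matters whenever the save buffer is reused. The following is an added example, not the package's own code: `chainLines`, `reuseDemo` and the sample save data are constructed stand-ins. It shows a returned chain line changing once the buffer is overwritten, next to a copy that does not.

```go
package main

import (
	"bytes"
	"fmt"
)

// Constructed iptables-save output, not captured from a real host.
const sampleSave = "*nat\n:PREROUTING ACCEPT [12:840]\n:KUBE-SERVICES - [0:0]\n" +
	"-A PREROUTING -j KUBE-SERVICES\nCOMMIT\n*filter\n:INPUT ACCEPT [5:300]\nCOMMIT\n"

// chainLines is a hypothetical stand-in for GetChainLines: chain name -> its
// ":CHAIN POLICY [pkts:bytes]" line. Values are sub-slices of save (no copy).
func chainLines(table string, save []byte) map[string][]byte {
	chains := map[string][]byte{}
	inTable := false
	for len(save) > 0 {
		line := save
		if i := bytes.IndexByte(save, '\n'); i >= 0 {
			line, save = save[:i], save[i+1:]
		} else {
			save = nil
		}
		switch {
		case bytes.HasPrefix(line, []byte("*")):
			inTable = string(line[1:]) == table
		case inTable && bytes.HasPrefix(line, []byte(":")):
			if sp := bytes.IndexByte(line, ' '); sp > 1 {
				chains[string(line[1:sp])] = line
			}
		}
	}
	return chains
}

// reuseDemo overwrites the save buffer, as a caller recycling a bytes.Buffer
// would, and returns the aliased line next to a copy taken beforehand.
func reuseDemo() (aliased, copied string) {
	buf := []byte(sampleSave)
	line := chainLines("nat", buf)["KUBE-SERVICES"]
	kept := append([]byte(nil), line...) // defensive copy
	for i := range buf {
		buf[i] = 'x' // stands in for the next SaveInto filling the buffer
	}
	return string(line), string(kept)
}

func main() { fmt.Println(reuseDemo()) }
```

Copy any chain line that must outlive the buffer before calling SaveInto again with the same buffer.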
func IsNotFoundError (added in v1.2.0)
IsNotFoundError returns true if the error indicates "not found". It parses the error string looking for known values, which is imperfect but works in practice.
func MakeChainLine (added in v1.3.0)
MakeChainLine returns an iptables-save/restore formatted chain line given a Chain.
Types
type Interface
type Interface interface {
	// GetVersion returns the "X.Y.Z" version string for iptables.
	GetVersion() (string, error)
	// EnsureChain checks if the specified chain exists and, if not, creates it.  If the chain existed, return true.
	EnsureChain(table Table, chain Chain) (bool, error)
	// FlushChain clears the specified chain.  If the chain did not exist, return error.
	FlushChain(table Table, chain Chain) error
	// DeleteChain deletes the specified chain.  If the chain did not exist, return error.
	DeleteChain(table Table, chain Chain) error
	// EnsureRule checks if the specified rule is present and, if not, creates it.  If the rule existed, return true.
	EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error)
	// DeleteRule checks if the specified rule is present and, if so, deletes it.
	DeleteRule(table Table, chain Chain, args ...string) error
	// IsIpv6 returns true if this is managing ipv6 tables
	IsIpv6() bool
	// SaveInto calls `iptables-save` for table and stores result in a given buffer.
	SaveInto(table Table, buffer *bytes.Buffer) error
	// Restore runs `iptables-restore` passing data through []byte.
	// table is the Table to restore
	// data should be formatted like the output of SaveInto()
	// flush sets the presence of the "--noflush" flag. see: FlushFlag
	// counters sets the "--counters" flag. see: RestoreCountersFlag
	Restore(table Table, data []byte, flush FlushFlag, counters RestoreCountersFlag) error
	// RestoreAll is the same as Restore except that no table is specified.
	RestoreAll(data []byte, flush FlushFlag, counters RestoreCountersFlag) error
	// AddReloadFunc adds a function to call on iptables reload
	AddReloadFunc(reloadFunc func())
	// Destroy cleans up resources used by the Interface
	Destroy()
}
An injectable interface for running iptables commands. Implementations must be goroutine-safe.
type RestoreCountersFlag (added in v1.1.0)
type RestoreCountersFlag bool
Option flag for Restore
const NoRestoreCounters RestoreCountersFlag = false
const RestoreCounters RestoreCountersFlag = true
type RulePosition (added in v0.18.0)
type RulePosition string
const (
	Prepend RulePosition = "-I"
	Append  RulePosition = "-A"
)