rules

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2016 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Chain 

type Chain struct {
	Table       string
	ParentChain string
	Prefix      string
}

type Enforcer 

type Enforcer struct {
	Logger lager.Logger
	// contains filtered or unexported fields
}

func NewEnforcer 

func NewEnforcer(logger lager.Logger, timestamper TimeStamper, ipt IPTables) *Enforcer

func (*Enforcer) Enforce 

func (e *Enforcer) Enforce(table, parentChain, chainPrefix string, rules []Rule) error

func (*Enforcer) EnforceOnChain 

func (e *Enforcer) EnforceOnChain(c Chain, rules []Rule) error

func (*Enforcer) EnforceRulesAndChain 

func (e *Enforcer) EnforceRulesAndChain(rulesAndChain RulesWithChain) error

type GenericRule 

type GenericRule struct {
	Properties []string
}

func NewAcceptExistingLocalRule 

func NewAcceptExistingLocalRule() GenericRule

func NewAcceptExistingRemoteRule 

func NewAcceptExistingRemoteRule(vni int) GenericRule

func NewDefaultDenyLocalRule 

func NewDefaultDenyLocalRule(localSubnet string) GenericRule

func NewDefaultDenyRemoteRule 

func NewDefaultDenyRemoteRule(vni int) GenericRule

func NewDefaultEgressRule 

func NewDefaultEgressRule(localSubnet, overlayNetwork string) GenericRule

func NewLogRule 

func NewLogRule(guardConditions []string, name string) GenericRule

func NewMarkAllowRule 

func NewMarkAllowRule(destinationIP, protocol string, port int, tag string, sourceAppGUID, destinationAppGUID string) GenericRule

func NewMarkSetRule 

func NewMarkSetRule(sourceIP, tag, appGUID string) GenericRule

func NewNetOutDefaultRejectRule 

func NewNetOutDefaultRejectRule(subnet, overlayNetwork string) GenericRule

func NewNetOutRelatedEstablishedRule 

func NewNetOutRelatedEstablishedRule(subnet, overlayNetwork string) GenericRule

func NewNetOutRule 

func NewNetOutRule(containerIP string, startIP string, endIP string) GenericRule

func NewNetOutWithPortsRule 

func NewNetOutWithPortsRule(containerIP string, startIP string, endIP string, startPort int, endPort int, protocol string) GenericRule

func (GenericRule) Enforce 

func (r GenericRule) Enforce(table, chain string, iptables IPTables, logger lager.Logger) error

type IPTables 

type IPTables interface {
	Exists(table, chain string, rulespec ...string) (bool, error)
	Insert(table, chain string, pos int, rulespec ...string) error
	AppendUnique(table, chain string, rulespec ...string) error
	Delete(table, chain string, rulespec ...string) error
	List(table, chain string) ([]string, error)
	NewChain(table, chain string) error
	ClearChain(table, chain string) error
	DeleteChain(table, chain string) error
}

type Rule 

type Rule interface {
	Enforce(table, chain string, ipt IPTables, logger lager.Logger) error
}

type RuleEnforcer 

type RuleEnforcer interface {
	EnforceRulesAndChain(RulesWithChain) error
	EnforceOnChain(chain Chain, r []Rule) error
	Enforce(table, parentChain, chain string, r []Rule) error
}

type RulesWithChain 

type RulesWithChain struct {
	Chain Chain
	Rules []Rule
}

type TimeStamper 

type TimeStamper interface {
	CurrentTime() int
}

type Timestamper 

type Timestamper struct{}

func (Timestamper) CurrentTime 

func (_ Timestamper) CurrentTime() int

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.