Documentation
Index
- func CIDRsFileContent(cidrs []string) string
- func DomainsFileContent(domains []string) string
- func NftablesConf() string
- func PresetCIDRs(name string) []string
- func PresetDomains(name string) []string
- func ResolveDomains(egress string, allow []string) []string
- func ResolveScript() string
- func SafeAptScript() string
- func SudoersRestricted() string
- func SudoersUnrestricted() string
Constants
This section is empty.
Variables
This section is empty.
Functions
func CIDRsFileContent
CIDRsFileContent returns the content of /etc/pixels-egress-cidrs.
func DomainsFileContent
DomainsFileContent returns the content of /etc/pixels-egress-domains.
func PresetCIDRs
PresetCIDRs returns the CIDR ranges for a named preset. Returns nil if the preset doesn't exist or has no CIDRs.
func PresetDomains
PresetDomains returns the domain allowlist for a named preset. Returns nil if the preset doesn't exist.
func ResolveDomains
ResolveDomains returns the final domain list for the given egress mode. Returns nil for "unrestricted".
func ResolveScript
func ResolveScript() string
ResolveScript returns the shell script that reads /etc/pixels-egress-domains and /etc/pixels-egress-cidrs, and populates the nftables allowed_v4 set.
func SafeAptScript
func SafeAptScript() string
SafeAptScript returns a wrapper script that sanitizes apt-get arguments, blocking -o flags (which allow arbitrary command execution via Pre-Invoke) and restricting to safe subcommands.
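The argument check described above can be sketched as follows. This is an added example, not this package's code and not the script SafeAptScript returns; it is written in Go rather than shell and goes one step further than blocking -o by allowlisting flags with exact matching. The name CheckAptArgs, both allowlists and the Placeholder::Key option are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed allowlists: the page does not say which subcommands or flags the
// real wrapper accepts, so these sets are illustrative.
var (
	safeSubcommands = map[string]bool{"update": true, "install": true, "upgrade": true}
	safeFlags       = map[string]bool{"-y": true, "--yes": true, "-q": true, "--no-install-recommends": true}
)

// CheckAptArgs (hypothetical name) returns nil only when every flag is on the
// allowlist by exact match and the first positional argument is a safe subcommand.
func CheckAptArgs(args []string) error {
	sub := ""
	for _, a := range args {
		if strings.HasPrefix(a, "-") {
			// Exact matching fails closed: "-o", "-oKey=val", "--option=Key=val",
			// "--" and clusters such as "-yo" never equal an allowlisted flag.
			if !safeFlags[a] {
				return fmt.Errorf("flag %q is not allowed", a)
			}
			continue
		}
		if sub == "" {
			if !safeSubcommands[a] {
				return fmt.Errorf("subcommand %q is not allowed", a)
			}
			sub = a
		}
	}
	if sub == "" {
		return fmt.Errorf("no subcommand given")
	}
	return nil
}

func main() {
	// Constructed argument vectors; Placeholder::Key stands in for any config key.
	for _, argv := range [][]string{
		{"install", "-y", "curl"},
		{"-o", "Placeholder::Key=value", "update"},
		{"-oPlaceholder::Key=value", "update"},
		{"source", "curl"},
	} {
		fmt.Printf("%v -> %v\n", argv, CheckAptArgs(argv))
	}
}
```

An allowlist rejects every spelling of a configuration override without having to enumerate them, which a check for the literal string -o would not.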
func SudoersRestricted
func SudoersRestricted() string
SudoersRestricted returns the sudoers content for restricted egress mode.
func SudoersUnrestricted
func SudoersUnrestricted() string
SudoersUnrestricted returns the blanket sudoers content (current behavior).
Types
This section is empty.