firewall

package

v0.0.0-...-fa39ccd Latest Latest Go to latest Published: Jan 7, 2026 License: GPL-3.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/evilsocket/opensnitch

Links

Open Source Insights

Documentation ¶

Index ¶

func CleanRules(logErrors bool)
func Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)
func DisableInterception() error
func EnableInterception() error
func ErrChanEmpty() bool
func ErrorsChan() <-chan string
func Init(fwType, configPath, monitorInterval string, bypassQueue bool, qNum uint16) (err error)
func IsRunning() bool
func Reload(fwtype, configPath, monitorInterval string, bypassQueue bool, queueNum uint16) (err error)
func ReloadSystemRules()
func SaveConfiguration(rawConfig []byte) error
func Serialize() (*protocol.SysFirewall, error)
func Stop()
type Firewall

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Deserialize ¶

func Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)

Deserialize transforms firewall json configuration to protobuf

func DisableInterception ¶

func DisableInterception() error

DisableInterception removes the rules to intercept outbound connections.

func EnableInterception ¶

func EnableInterception() error

EnableInterception removes the rules to intercept outbound connections.

func ErrChanEmpty ¶

func ErrChanEmpty() bool

ErrChanEmpty checks if the errors channel is empty.

func ErrorsChan ¶

func ErrorsChan() <-chan string

ErrorsChan returns the channel where the errors are sent to.

func Init ¶

func Init(fwType, configPath, monitorInterval string, bypassQueue bool, qNum uint16) (err error)

Init initializes the firewall and loads firewall rules. We'll try to use the firewall configured in the configuration (iptables/nftables). If iptables is not installed, we can add nftables rules directly to the kernel, without relying on any binaries.

func IsRunning ¶

func IsRunning() bool

IsRunning returns if the firewall is running or not.

func Reload ¶

func Reload(fwtype, configPath, monitorInterval string, bypassQueue bool, queueNum uint16) (err error)

Reload stops current firewall and initializes a new one.

func ReloadSystemRules ¶

func ReloadSystemRules()

ReloadSystemRules deletes existing rules, and add them again

func SaveConfiguration ¶

func SaveConfiguration(rawConfig []byte) error

SaveConfiguration saves configuration string to disk

func Serialize ¶

func Serialize() (*protocol.SysFirewall, error)

Serialize transforms firewall json configuration to protobuf

func Stop ¶

func Stop()

Stop deletes the firewall rules, allowing network traffic.

Types ¶

type Firewall ¶

type Firewall interface {
	Init(uint16, string, string, bool)
	Stop()
	Name() string
	IsRunning() bool
	SetQueueNum(num uint16)

	SaveConfiguration(rawConfig string) error

	EnableInterception()
	DisableInterception(bool)
	QueueDNSResponses(bool, bool) (error, error)
	QueueConnections(bool, bool) (error, error)
	CleanRules(bool)

	AddSystemRules(bool, bool)
	DeleteSystemRules(bool, bool, bool)

	Serialize() (*protocol.SysFirewall, error)
	Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)

	ErrorsChan() <-chan string
	ErrChanEmpty() bool
}

Firewall is the interface that all firewalls (iptables, nftables) must implement.

Source Files ¶

View all Source files

rules.go

Directories ¶

Path	Synopsis
common
config Package config provides functionality to load and monitor the system firewall rules.	Package config provides functionality to load and monitor the system firewall rules.
iptables
nftables
exprs
nftest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL