Documentation
Index
- func GetPublicIP() (string, error)
- func GetPublicIPFromServices(services []string) (string, error)
- func InvalidatePublicIPCache()
- func SetNameForCountry(code string) string
- func ValidateAction(action string) error
- func ValidateIPSetName(name string) error
- func ValidatePort(port string) error
- type IptablesManager
- func (m *IptablesManager) CreateIPSet(name string, maxElem int) error
- func (m *IptablesManager) DestroyIPSet(name string) error
- func (m *IptablesManager) FlushIPSet(name string) error
- func (m *IptablesManager) RemoveGeoBlockRules() error
- func (m *IptablesManager) RestoreIPSet(name string, cidrs []string) error
- func (m *IptablesManager) SetDefaultDeny(port string) error
- func (m *IptablesManager) SetRule(setName, port, action string) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetPublicIP
GetPublicIP attempts to discover the public IP of the server. Results are cached for 5 minutes. Concurrent callers share a single in-flight request.
func GetPublicIPFromServices (added in v0.0.3)
GetPublicIPFromServices attempts to discover the public IP by querying the given service URLs in order. It returns the IP from the first successful response.
func InvalidatePublicIPCache (added in v0.0.4)
func InvalidatePublicIPCache()
InvalidatePublicIPCache forces the next GetPublicIP call to fetch fresh data.
func SetNameForCountry
SetNameForCountry generates the ipset name for a country code.
func ValidateAction (added in v0.0.4)
ValidateAction checks that an action is a whitelisted iptables jump target.
func ValidateIPSetName (added in v0.0.4)
ValidateIPSetName checks that a name is safe for ipset operations.
func ValidatePort (added in v0.0.4)
ValidatePort checks that a port string is a valid TCP port number (1-65535).
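The three Validate functions exist so that a set name, port, or action is checked before it becomes an argument to ipset or iptables. The following is an added example, not this package's code: the name pattern, the rule layout, the helper names checkPort and buildRuleArgs, and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Assumed policy, not the package's own: names start with a letter, use only
// [A-Za-z0-9_-], and fit ipset's 31-character name limit.
var setNameRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9_-]{0,30}$`)

// allowedActions holds the two targets the page lists for SetRule.
var allowedActions = map[string]bool{"DROP": true, "ACCEPT": true}

// checkPort accepts only canonical decimal TCP ports in 1-65535.
func checkPort(port string) error {
	n, err := strconv.Atoi(port)
	if err != nil || n < 1 || n > 65535 || strconv.Itoa(n) != port {
		return fmt.Errorf("invalid port %q", port)
	}
	return nil
}

// buildRuleArgs (hypothetical helper) validates every caller-supplied field,
// then returns an argv slice for exec.Command, so no shell ever parses it.
func buildRuleArgs(setName, port, action string) ([]string, error) {
	if !setNameRe.MatchString(setName) {
		return nil, fmt.Errorf("invalid ipset name %q", setName)
	}
	if err := checkPort(port); err != nil {
		return nil, err
	}
	if !allowedActions[action] {
		return nil, fmt.Errorf("action %q is not an allowed jump target", action)
	}
	// Chain and match layout are assumptions; the page does not show them.
	return []string{"-I", "INPUT", "-p", "tcp", "--dport", port,
		"-m", "set", "--match-set", setName, "src", "-j", action}, nil
}

func main() {
	// Constructed inputs: one valid rule, then one bad field per call.
	for _, in := range [][3]string{{"geo_RU", "443", "DROP"}, {"--help", "443", "DROP"},
		{"geo_RU", "443,22", "DROP"}, {"geo_RU", "443", "LOG --log-prefix x"}} {
		fmt.Println(buildRuleArgs(in[0], in[1], in[2]))
	}
}
```

Rejecting names that begin with a hyphen and ports that are not canonical decimals keeps a value from being read as an option or a port list by the underlying command.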
Types
type IptablesManager
type IptablesManager struct{}
IptablesManager wraps iptables/ipset commands.
func NewIptablesManager
func NewIptablesManager() *IptablesManager
NewIptablesManager creates a new IptablesManager.
func (*IptablesManager) CreateIPSet
func (m *IptablesManager) CreateIPSet(name string, maxElem int) error
CreateIPSet creates an ipset with hash:net family inet.
func (*IptablesManager) DestroyIPSet
func (m *IptablesManager) DestroyIPSet(name string) error
DestroyIPSet destroys an ipset.
func (*IptablesManager) FlushIPSet
func (m *IptablesManager) FlushIPSet(name string) error
FlushIPSet flushes all entries from an ipset.
func (*IptablesManager) RemoveGeoBlockRules
func (m *IptablesManager) RemoveGeoBlockRules() error
RemoveGeoBlockRules removes all popugate geo-block rules.
func (*IptablesManager) RestoreIPSet
func (m *IptablesManager) RestoreIPSet(name string, cidrs []string) error
RestoreIPSet loads CIDR entries via ipset restore.
func (*IptablesManager) SetDefaultDeny
func (m *IptablesManager) SetDefaultDeny(port string) error
SetDefaultDeny adds a default deny rule (for whitelist mode).
func (*IptablesManager) SetRule
func (m *IptablesManager) SetRule(setName, port, action string) error
SetRule creates an iptables rule for geo-blocking. The action argument is "DROP" or "ACCEPT".