firewall

package
v1.0.20 (Latest)

Warning: This package is not in the latest version of its module.
Published: Dec 31, 2025 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	// MaxSnapshots is the number of snapshots to keep
	MaxSnapshots = 10
)

Variables

This section is empty.

Functions

func Sync

func Sync(opts *SyncOptions) error

Sync performs an atomic firewall reload.

Algorithm (single phase, v0.7.3 unified architecture):

1. Read static config (whitelist, blacklist, ports)
2. Build feed sets (Go pkg/feeds), loaded into the unified blacklist
3. Build geoban sets (Go pkg/geoban), loaded into the unified blacklist
4. Dump runtime sets (temp_whitelist_ipv4/ipv6, blacklist with timeout)
5. Generate rules.new.nft
6. Validate: nft -c -f rules.new.nft
7. Snapshot: nft list ruleset > backup.nft
8. Apply: nft -f rules.new.nft
9. Restore runtime elements (temp_whitelist, blacklist items with timeout)
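
As an added example (not this package's own code), the validate / snapshot / apply / rollback core of steps 6 through 8, plus rotation of old snapshots down to MaxSnapshots, written against a small Runner interface so it runs offline with a fake standing in for the nft binary. The Runner interface, AtomicReload, RotateSnapshots and fakeNFT are this example's own names and assumptions; the "BROKEN" marker and the sample rulesets are constructed inputs; steps 1 to 5 and 9 (building the sets and restoring runtime elements) are left out. The security point it shows is ordering: a ruleset that fails nft -c is never loaded, a snapshot is taken before the live ruleset changes, and a failed load reloads that snapshot rather than leaving the host without a policy.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
	"time"
)

// MaxSnapshots mirrors the package constant: number of ruleset snapshots kept.
const MaxSnapshots = 10

// Runner abstracts the nft calls of steps 6-8 (names are this example's own).
type Runner interface {
	Check(rulesFile string) error // nft -c -f rules.new.nft
	Dump() (string, error)        // nft list ruleset
	Apply(rulesFile string) error // nft -f rules.new.nft
}

// AtomicReload validates the generated rules, snapshots the live ruleset,
// applies, and reloads the snapshot if the apply fails. dryRun stops after
// validation. It returns the snapshot path (empty when nothing was applied).
func AtomicReload(r Runner, stagingDir, snapshotDir string, dryRun bool, rules string) (string, error) {
	rulesFile := filepath.Join(stagingDir, "rules.new.nft")
	if err := os.WriteFile(rulesFile, []byte(rules), 0o600); err != nil {
		return "", err
	}
	// Step 6: validate before touching anything; a bad file never reaches nft -f.
	if err := r.Check(rulesFile); err != nil {
		return "", fmt.Errorf("validation failed, live ruleset untouched: %w", err)
	}
	if dryRun {
		return "", nil
	}
	// Step 7: snapshot the live ruleset; fixed-width UTC names sort chronologically.
	live, err := r.Dump()
	if err != nil {
		return "", err
	}
	snap := filepath.Join(snapshotDir,
		"backup-"+time.Now().UTC().Format("20060102T150405.000000000")+".nft")
	if err := os.WriteFile(snap, []byte(live), 0o600); err != nil {
		return "", err
	}
	// Step 8: apply; on failure reload the snapshot so the host never sits on a partial ruleset.
	if err := r.Apply(rulesFile); err != nil {
		rbErr := r.Apply(snap) // nil when the rollback succeeded
		return snap, fmt.Errorf("apply failed (rollback error: %v): %w", rbErr, err)
	}
	_, err = RotateSnapshots(snapshotDir, MaxSnapshots)
	return snap, err
}

// RotateSnapshots deletes the oldest backup-*.nft files beyond keep, reporting how many.
func RotateSnapshots(dir string, keep int) (int, error) {
	names, err := filepath.Glob(filepath.Join(dir, "backup-*.nft"))
	sort.Strings(names)
	removed := 0
	for err == nil && len(names)-removed > keep {
		if err = os.Remove(names[removed]); err == nil {
			removed++
		}
	}
	return removed, err
}

// fakeNFT stands in for nft: Check rejects the constructed marker "BROKEN"; FailNextApply fails one Apply.
type fakeNFT struct {
	Live          string
	FailNextApply bool
}

func (f *fakeNFT) Check(path string) error {
	b, err := os.ReadFile(path)
	if err == nil && strings.Contains(string(b), "BROKEN") {
		err = errors.New("syntax error")
	}
	return err
}
func (f *fakeNFT) Dump() (string, error) { return f.Live, nil }
func (f *fakeNFT) Apply(path string) error {
	if f.FailNextApply {
		f.FailNextApply = false
		return errors.New("netlink: operation failed")
	}
	b, err := os.ReadFile(path)
	if err == nil {
		f.Live = string(b)
	}
	return err
}

func main() {
	dir, _ := os.MkdirTemp("", "fw")
	defer os.RemoveAll(dir)
	nft := &fakeNFT{Live: "table inet filter {}\n"}
	snap, err := AtomicReload(nft, dir, dir, false, "table inet filter { chain input { type filter hook input priority 0; policy drop; } }\n")
	fmt.Println("snapshot:", snap, "err:", err, "live:", nft.Live)
}
```

To use it against a real host, implement Runner with os/exec calls to the three nft commands named in the interface comments; the fake exists only so the ordering guarantees can be exercised without root or a kernel with nf_tables.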

Types

type RuntimeSets

type RuntimeSets struct {
	Bans      *model.SetData
	Whitelist *model.SetData
}

RuntimeSets holds the current Fail2Ban state.

type SyncOptions

type SyncOptions struct {
	StagingDir    string
	SnapshotDir   string
	WhitelistFile string
	BlacklistFile string
	FeedsDir      string
	GeobanDir     string
	TemplateFile  string
	TCPPorts      []int
	UDPPorts      []int
	DryRun        bool // If true, validate only (don't apply)
}

SyncOptions configures the atomic reload.

func DefaultSyncOptions

func DefaultSyncOptions() *SyncOptions

DefaultSyncOptions returns the default sync options.
