nftbackend

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2026 License: MPL-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AddElementRequest 

type AddElementRequest struct {
	Table   string // e.g., "ip nftban", "ip6 nftban", "inet nftban"
	Set     string // e.g., "whitelist_ipv4", "tcp_ports"
	Element string // e.g., "1.2.3.4", "8080"
	Timeout int    // seconds, 0 = permanent
}

AddElementRequest for generic set element operations

type ApplyRulesetRequest 

type ApplyRulesetRequest struct {
	FilePath string // path to .nft file
	Check    bool   // if true, validate only (nft -c)
}

ApplyRulesetRequest for applying complete rulesets

type Backend 

type Backend struct {
	// contains filtered or unexported fields
}

Backend provides serialized access to nftables write operations. All operations are thread-safe and atomic where possible.

func New 

func New() *Backend

New creates a new nftables backend

func (*Backend) AddElement 

func (b *Backend) AddElement(ctx context.Context, req AddElementRequest) error

AddElement adds an element to any set This is the ONLY authorized add element implementation

func (*Backend) ApplyRuleset 

func (b *Backend) ApplyRuleset(ctx context.Context, req ApplyRulesetRequest) error

ApplyRuleset applies a ruleset from a file This is the ONLY authorized apply ruleset implementation

func (*Backend) Ban 

func (b *Backend) Ban(ctx context.Context, req BanRequest) (*BanResult, error)

Ban adds an IP to the appropriate blacklist set This is the ONLY authorized ban implementation

func (*Backend) CheckIP 

func (b *Backend) CheckIP(ctx context.Context, ip string) (bool, string, error)

CheckIP checks if an IP is in a specific set (read operation)

func (*Backend) DeleteElement 

func (b *Backend) DeleteElement(ctx context.Context, req DeleteElementRequest) error

DeleteElement removes an element from any set This is the ONLY authorized delete element implementation

func (*Backend) FlushSet 

func (b *Backend) FlushSet(ctx context.Context, req FlushSetRequest) error

FlushSet flushes all elements from a set This is the ONLY authorized flush set implementation

func (*Backend) GetStats 

func (b *Backend) GetStats() Stats

GetStats returns current statistics

func (*Backend) HealthCheck 

func (b *Backend) HealthCheck(ctx context.Context) error

HealthCheck verifies nftables is operational

func (*Backend) Unban 

func (b *Backend) Unban(ctx context.Context, req UnbanRequest) (*UnbanResult, error)

Unban removes an IP from the appropriate blacklist set This is the ONLY authorized unban implementation

type BanRequest 

type BanRequest struct {
	IP      string
	Timeout int // seconds, 0 = permanent
	Reason  string
	Source  string
}

BanRequest contains parameters for banning an IP

type BanResult 

type BanResult struct {
	Success bool
	IP      string
	Set     string
	Message string
}

BanResult contains the result of a ban operation

type DeleteElementRequest 

type DeleteElementRequest struct {
	Table   string
	Set     string
	Element string
}

DeleteElementRequest for removing set elements

type FlushSetRequest 

type FlushSetRequest struct {
	Table string
	Set   string
}

FlushSetRequest for flushing sets

type Stats 

type Stats struct {
	Bans      int64
	Unbans    int64
	Syncs     int64
	Errors    int64
	LastError string
}

Stats tracks operation counts

type UnbanRequest 

type UnbanRequest struct {
	IP string
}

UnbanRequest contains parameters for unbanning an IP

type UnbanResult 

type UnbanResult struct {
	Success bool
	IP      string
	Set     string
	Message string
}

UnbanResult contains the result of an unban operation

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.