ports

package
v1.192.1

Warning: This package is not in the latest version of its module.

Published: Jun 17, 2026 License: MPL-2.0 Imports: 10 Imported by: 0

Documentation

Constants

const PanelStateFile = "/var/lib/nftban/panels/enabled.conf"

PanelStateFile is the path of the panel state file.

Variables

This section is empty.

Functions

func AddPortToFile

func AddPortToFile(filePath string, port int, protocol string) error

AddPortToFile adds a port rule to a configuration file

func LoadEnabledPanels

func LoadEnabledPanels() ([]string, error)

LoadEnabledPanels reads the panel state file and returns enabled panel names

func RemovePortFromFile

func RemovePortFromFile(filePath string, port int) error

RemovePortFromFile removes a port rule from a configuration file

func RenderEffectiveElements added in v1.192.1

func RenderEffectiveElements(configDir string, sshPorts []int) (string, error)

RenderEffectiveElements loads the config authority (same as daemon sync) and returns the KEY=CSV element lines the shell render substitutes into the set blocks. sshPorts is the SSH-detection authority's output (required upstream).

func SetPanelEnabled

func SetPanelEnabled(panelName string, enabled bool) error

SetPanelEnabled updates the panel state file to enable/disable a panel

Types

type EffectivePortSets added in v1.192.1

type EffectivePortSets struct {
	TCPIn  []int
	TCPOut []int
	UDPIn  []int
	UDPOut []int
}

EffectivePortSets is the complete effective service-port set per direction. It is family-identical (applied to both ip and ip6), matching daemon sync.

func ComputeEffective added in v1.192.1

func ComputeEffective(all *PortConfig, sshPorts []int) *EffectivePortSets

ComputeEffective unions the documented baseline floor + SSH ports (the SSH-detection authority) + the loaded PortConfig directional ports (the ports.d + enabled-panel authority that daemon sync applies via LoadAllPorts).

Pure (no I/O): hermetically testable. Output is deduplicated, validated (1..65535), and sorted so the render and the daemon agree byte-for-byte and a re-render is idempotent.
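The union, validation and ordering that ComputeEffective describes, together with the KEY=CSV line shape RenderEffectiveElements returns, sketched as an added example (not the package's own code). The names `unionPorts` and `renderLine`, the `TCP_IN` key and the sample port lists are assumptions; silently dropping out-of-range values is this sketch's choice, since the page does not say how the package treats them.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// unionPorts merges port sources into one validated, deduplicated, ascending
// list. Hypothetical helper, not the package's ComputeEffective.
func unionPorts(sources ...[]int) []int {
	seen := make(map[int]struct{})
	for _, src := range sources {
		for _, p := range src {
			if p >= 1 && p <= 65535 { // out-of-range values never reach the ruleset
				seen[p] = struct{}{}
			}
		}
	}
	out := make([]int, 0, len(seen))
	for p := range seen {
		out = append(out, p)
	}
	sort.Ints(out) // map iteration order is random; sorting makes the output stable
	return out
}

// renderLine formats one KEY=CSV element line; the key name is an assumption.
func renderLine(key string, ports []int) string {
	parts := make([]string, len(ports))
	for i, p := range ports {
		parts[i] = strconv.Itoa(p)
	}
	return fmt.Sprintf("%s=%s", key, strings.Join(parts, ","))
}

func main() {
	baseline := []int{443, 80}            // constructed stand-in for the baseline floor
	ssh := []int{2222, 22}                // constructed SSH-detection output
	config := []int{80, 0, 70000, 53, 22} // constructed config ports, two of them invalid
	fmt.Println(renderLine("TCP_IN", unionPorts(baseline, ssh, config)))
	// Source order does not matter: the second render is byte-identical.
	fmt.Println(renderLine("TCP_IN", unionPorts(config, ssh, baseline)))
}
```

Because the result depends only on the set of valid ports, two components that compute it independently can be compared with a plain string comparison to detect drift.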

func EffectiveServicePorts added in v1.192.1

func EffectiveServicePorts(configDir string, sshPorts []int) (*EffectivePortSets, error)

EffectiveServicePorts loads the SAME config authority daemon sync uses (LoadAllPorts = ports.d + enabled-panel profiles) and returns the complete effective sets. This is the entry point the atomic rebuild render will consume (Increment 3) so it installs the complete sets inside the single `nft -f`.

type PanelConfig

type PanelConfig struct {
	Name       string // Panel name (directadmin, cpanel, plesk)
	Enabled    bool   // Whether panel is enabled
	ConfigFile string // Path to panel config file
	TCPIn      []int  // TCP input ports
	TCPOut     []int  // TCP output ports (for OUTPUT chain)
	UDPIn      []int  // UDP input ports
	UDPOut     []int  // UDP output ports (for OUTPUT chain)
}

PanelConfig represents a control panel's port configuration

func LoadPanelConfig

func LoadPanelConfig(configDir, panelName string) (*PanelConfig, error)

LoadPanelConfig loads port configuration for a specific panel by reading its bash config file

type PortConfig

type PortConfig struct {
	TCPPorts    []int            // All TCP ports (from T and B rules)
	UDPPorts    []int            // All UDP ports (from U and B rules)
	TCPPortsIn  []int            `json:"tcp_ports_in"`  // TCP ports for input direction
	TCPPortsOut []int            `json:"tcp_ports_out"` // TCP ports for output direction
	UDPPortsIn  []int            `json:"udp_ports_in"`  // UDP ports for input direction
	UDPPortsOut []int            `json:"udp_ports_out"` // UDP ports for output direction
	AllRules    []PortRule       // All rules with metadata
	PortMap     map[int][]string // port -> protocols (for deduplication)
}

PortConfig holds all port rules loaded from configuration

func LoadAllPanelPorts

func LoadAllPanelPorts(configDir string) (*PortConfig, error)

LoadAllPanelPorts loads port configuration for all enabled panels

func LoadAllPorts

func LoadAllPorts(configDir string) (*PortConfig, error)

LoadAllPorts loads ports from BOTH ports.d/ directory AND enabled panel configs

func LoadPortsFromDirectory

func LoadPortsFromDirectory(dir string) (*PortConfig, error)

LoadPortsFromDirectory loads all port configuration files from a directory.

Expected format: PORT/PROTOCOL, where PROTOCOL is T (TCP), U (UDP), or B (Both).

Example: 22/T, 53/B, 80/T
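A strict parser for the PORT/PROTOCOL entries described above, as an added example rather than the package's implementation. `parseRule` and `load` are hypothetical names, and rejecting signs, whitespace and lowercase protocol letters is an assumption of this sketch, not documented behaviour.

```go
package main

import (
	"fmt"
	"strings"
)

// parseRule strictly parses one PORT/PROTOCOL token such as "53/B".
func parseRule(tok string) (port int, proto string, err error) {
	portStr, proto, ok := strings.Cut(tok, "/")
	if !ok || (proto != "T" && proto != "U" && proto != "B") {
		return 0, "", fmt.Errorf("%q: want PORT/PROTOCOL with protocol T, U or B", tok)
	}
	// Digits only (no sign, no spaces); the bound check also stops overflow.
	for _, c := range portStr {
		if c < '0' || c > '9' || port > 65535 {
			return 0, "", fmt.Errorf("%q: port must be digits in 1..65535", tok)
		}
		port = port*10 + int(c-'0')
	}
	if port < 1 || port > 65535 {
		return 0, "", fmt.Errorf("%q: port outside 1..65535", tok)
	}
	return port, proto, nil
}

// load splits valid entries into TCP and UDP lists ("B" lands in both) and collects rejections.
func load(tokens []string) (tcp, udp []int, rejected []error) {
	for _, tok := range tokens {
		port, proto, err := parseRule(tok)
		if err != nil {
			rejected = append(rejected, err)
			continue
		}
		if proto != "U" {
			tcp = append(tcp, port)
		}
		if proto != "T" {
			udp = append(udp, port)
		}
	}
	return tcp, udp, rejected
}

func main() {
	// Constructed input: the page's three examples plus malformed entries.
	in := []string{"22/T", "53/B", "80/T", "+80/T", "0/U", "65536/T", "443/X"}
	fmt.Println(load(in))
}
```

Returning the rejected entries lets the caller log or refuse a bad config file rather than install a ruleset that quietly omits a port.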

func LoadPortsFromFile

func LoadPortsFromFile(filePath string) (*PortConfig, error)

LoadPortsFromFile loads port rules from a single configuration file

func (*PortConfig) GetAllPorts

func (c *PortConfig) GetAllPorts() []int

GetAllPorts returns all unique ports regardless of protocol

func (*PortConfig) GetTCPPorts

func (c *PortConfig) GetTCPPorts() []int

GetTCPPorts returns all TCP ports (from T and B rules)

func (*PortConfig) GetUDPPorts

func (c *PortConfig) GetUDPPorts() []int

GetUDPPorts returns all UDP ports (from U and B rules)

type PortRule

type PortRule struct {
	Port      int    // Port number (e.g., 22, 80, 443)
	Protocol  string // "T" (TCP), "U" (UDP), or "B" (Both)
	Direction string // "I" (Input), "O" (Output), "IO" (Both) - default "I"
	Source    string // Config file where this rule came from
}

PortRule represents a single port rule
