firewall

package
Constants

// DEFAULT_VRF is the VRF name assumed when none is given.
// NOTE(review): the fallback role is inferred from the name — confirm at the call sites.
const (
	DEFAULT_VRF = "default"
)
const (
	// DefaultFirewallTemplatePath is the default firewall template directory.
	// It is a relative path, so it is resolved against the process working
	// directory unless a caller joins it to a base; GetTemplatePath prefers
	// PolicyContext.TemplatePath over this value.
	DefaultFirewallTemplatePath = "pkg/nodemap/node/device/firewall/common/v4/templates"
)
// MAX_NAME_LENGTH is the maximum length allowed for a generated name.
// NOTE(review): whether this counts bytes or runes, and whether GetName's
// checkFunc or the Naming helpers enforce it, is not visible here — confirm.
const (
	MAX_NAME_LENGTH = 128
)

Variables

This section is empty.

Functions

func GetName

func GetName(name, sep string, checkFunc func(string) bool) (string, error)

func GetTemplatePath

func GetTemplatePath(ctx *PolicyContext) string

GetTemplatePath 获取模板路径 优先级:PolicyContext.TemplatePath > 默认路径

func PrintDebug

func PrintDebug(oneName string, onePolicyEntry policy.PolicyEntryInf, twoName string, twoPolicyEntry policy.PolicyEntryInf)

Types

type Action

// Action is the verdict produced for a flow: the POLICY_* values are policy
// verdicts (explicit or implicit permit/deny, plus reject), and the NAT_*
// values report whether a NAT rule matched. LocateAction maps an index back
// to an Action and String renders the name.
type Action int

// NOTE(review): the initializer of the first value is not shown in this
// listing; a displaced fragment on the page reads `POLICY_DENY Action = iota + 1`,
// so values presumably start at 1 — confirm in source.
const (
	POLICY_DENY Action
	POLICY_PERMIT
	POLICY_REJECT
	POLICY_IMPLICIT_PERMIT
	POLICY_IMPLICIT_DENY
	NAT_MATCHED
	NAT_NOMATCHED
)

func LocateAction

func LocateAction(index int) Action

func (Action) String

func (ac Action) String() string

type BaseIterator

// BaseIterator is a generic iterator over a slice of Namer values.
// NewBaseIterator builds one from the items, an *IteratorOptions and a
// filter func(Namer, *IteratorOptions) bool; HasNext, Next and Reset drive
// it, so it satisfies NamerIterator.
type BaseIterator struct {
	// contains filtered or unexported fields
}

BaseIterator 是一个通用的基础迭代器结构

func NewBaseIterator

func NewBaseIterator(items []Namer, options *IteratorOptions, filterFunc func(Namer, *IteratorOptions) bool) *BaseIterator

func (*BaseIterator) HasNext

func (bi *BaseIterator) HasNext() bool

HasNext 检查是否还有下一个元素

func (*BaseIterator) Next

func (bi *BaseIterator) Next() Namer

Next 返回下一个元素

func (*BaseIterator) Reset

func (bi *BaseIterator) Reset()

type BlacklistWhitelistHandler

// BlacklistWhitelistHandler manages blacklist/whitelist membership on a device.
// Two styles are covered: the "policy" style edits a preset address group and
// yields CLI text, while the "api" style calls a device feature and yields the
// call description. GetImplementationMethod tells the caller which one applies.
// NOTE(review): the ips arguments end up inside generated CLI text or API
// payloads; implementations should validate each entry as an IP or prefix
// literal before interpolating it — confirm where that validation lives.
type BlacklistWhitelistHandler interface {
	// AddIPsToGroup adds IPs to a preset address group (policy style).
	AddIPsToGroup(
		listType string,
		groupName string,
		ips []string,
	) (string, error) // returns the CLI commands

	// RemoveIPsFromGroup removes IPs from a preset address group (policy style).
	RemoveIPsFromGroup(
		listType string,
		groupName string,
		ips []string,
	) (string, error) // returns the CLI commands

	// AddIPsViaAPI adds IPs through the device API (dedicated-feature style).
	AddIPsViaAPI(
		listType string,
		ips []string,
	) (map[string]interface{}, error) // returns the API call information

	// RemoveIPsViaAPI removes IPs through the device API (dedicated-feature style).
	RemoveIPsViaAPI(
		listType string,
		ips []string,
	) (map[string]interface{}, error) // returns the API call information

	// CheckPresetConfig checks whether the preset configuration exists.
	CheckPresetConfig(
		presetConfig *PresetConfig,
	) (*PresetConfigCheckResult, error)

	// GetImplementationMethod reports which style the device uses.
	GetImplementationMethod() string // returns "policy" or "api"
}

BlacklistWhitelistHandler 黑白名单处理器接口

type FirewallConfigAction

// FirewallConfigAction is implemented by anything that can run a
// configuration step. RunConfig takes an opaque request and returns an
// opaque result; the concrete types are implementation-specific.
type FirewallConfigAction interface {
	RunConfig(interface{}) (interface{}, error)
}

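// String returns the constant name of the NatType, following the order of
// the NatType constants (STATIC_NAT, DYNAMIC_NAT, DESTINATION_NAT, TWICE_NAT).
// The lookup assumes values start at 1, which the original a-1 index implied;
// the first constant's initializer is not visible in this listing, so confirm
// against the source. Out-of-range values (including the zero value) return
// "UNKNOWN_NAT" instead of panicking: the original three-entry table raised
// an index-out-of-range panic for TWICE_NAT and for NatType(0). The
// "TWICE_NAT" entry follows the existing name-equals-constant pattern.
func (a NatType) String() string {
	names := [...]string{"STATIC_NAT", "DYNAMIC_NAT", "DESTINATION_NAT", "TWICE_NAT"}
	idx := int(a) - 1
	if idx < 0 || idx >= len(names) {
		return "UNKNOWN_NAT"
	}
	return names[idx]
}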

type FirewallL4PortObject

// FirewallL4PortObject is a device L4 port object. Cli returns its CLI form,
// Name its object name, L4Port resolves it (given the other port objects by
// name) to a *service.L4Port, and Type reports its FirewallObjectType.
type FirewallL4PortObject interface {
	Cli() string
	Name() string
	L4Port(map[string]FirewallL4PortObject) *service.L4Port
	Type() FirewallObjectType
}

type FirewallMatchResult

// FirewallMatchResult is the result of matching an intent against a firewall
// rule. It is currently just processor.MatchResult; the commented-out
// accessors are kept for reference.
type FirewallMatchResult interface {
	//FromPort() api.Port
	//OutPort() api.Port
	//Action() Action
	//Name() string
	//Cli() string
	processor.MatchResult
}

type FirewallNatRule

// FirewallNatRule is a NAT rule on a device: Name and Cli give its name and
// CLI form, Original and Translate the pre- and post-translation entries, and
// Extended any device-specific attributes.
type FirewallNatRule interface {
	Name() string
	Cli() string
	Original() policy.PolicyEntryInf
	Translate() policy.PolicyEntryInf
	Extended() map[string]interface{}
}

type FirewallNetworkObject

// FirewallNetworkObject is a device address object or group. Besides JSON
// serialisation and type tagging (api.JSONSerializer, api.TypedInterface), it
// exposes its CLI form and name, resolves to a *network.NetworkGroup for a
// given node, and reports its FirewallObjectType.
type FirewallNetworkObject interface {
	api.JSONSerializer
	api.TypedInterface
	Cli() string
	Name() string
	Network(FirewallNode) *network.NetworkGroup
	Type() FirewallObjectType
}

type FirewallNode

// FirewallNode is the device-side contract for a firewall: it evaluates an
// intent through the four phases (InputNat, InputPolicy, OutputPolicy,
// OutputNat), looks up existing objects, policies, pools and NAT rules by
// content or name, answers naming questions for policies and NAT objects,
// and receives generated configuration through FlyConfig.
type FirewallNode interface {
	// api.Node
	InputNat(intent *policy.Intent, inPort api.Port) processor.AbstractMatchResult
	// InputNatTargetCheck is used while generating configuration templates to
	// check whether the internal server behind a DNAT already has another
	// mapping (the returned rule is presumably that existing mapping).
	InputNatTargetCheck(intent *policy.Intent, inPort, outPort api.Port) (bool, FirewallNatRule)
	OutputNat(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult
	InputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult
	OutputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

	// Object lookups by content; the bool reports whether a match was found.
	GetObjectByNetworkGroup(*network.NetworkGroup, ObjectSearchType, api.Port) (FirewallNetworkObject, bool)
	GetObjectByService(*service.Service, ObjectSearchType) (FirewallServiceObject, bool)
	GetPoolByNetworkGroup(ng *network.NetworkGroup, natType NatType) (FirewallNetworkObject, bool)
	Network(zone, name string) (*network.NetworkGroup, bool)
	Service(name string) (*service.Service, bool)
	L4Port(name string) (*service.L4Port, bool)
	// Name-collision checks for generated names.
	HasObjectName(name string) bool
	HasPolicyName(name string) bool
	HasPoolName(name string) bool
	HasNatName(name string) bool
	// IfIndex() int
	Type() terminalmode.DeviceType

	// GetPolicyName returns the policy name for firewalls that do not need a
	// naming template (such as ASA). An empty string means the naming
	// template is used to generate the name.
	GetPolicyName(ctx *PolicyContext) (string, error)

	// GetSupportedNatObjectTypes returns the NAT object types this firewall
	// supports for the given NAT type.
	// natType: "DNAT" or "SNAT"
	// Examples of the returned list:
	//   - DNAT: may return {VIP, MIP, NETWORK_OBJECT} and similar
	//   - SNAT: may return {SNAT_POOL, INTERFACE, NETWORK_OBJECT, INLINE} and similar
	// VIP, MIP and SNAT_POOL denote the corresponding special-syntax layout,
	// NETWORK_OBJECT means a network (address) object is used, and
	// INLINE means the address is written directly into the NAT policy
	// without generating an object.
	GetSupportedNatObjectTypes(natType string) []NatObjectType

	// GetObjectByVipMipSnatPool checks whether a VIP/MIP/SNAT_POOL object
	// already exists (reuse check).
	// objectType: "VIP", "MIP", "SNAT_POOL"
	// intent: carries real_ip, real_port and related fields
	// Returns (object, found).
	GetObjectByVipMipSnatPool(objectType string, intent *policy.Intent) (FirewallNetworkObject, bool)

	// GenerateVipMipSnatPoolName generates a VIP/MIP/SNAT_POOL object name
	// (optional). If the node does not provide this, the configured naming
	// template is used.
	// objectType: "VIP", "MIP", "SNAT_POOL"
	// intent: carries real_ip, real_port and related fields
	// metaData: metadata such as policy_name
	// Returns the generated name; an empty string means the configured
	// naming template is used.
	GenerateVipMipSnatPoolName(objectType string, intent *policy.Intent, metaData map[string]interface{}) string

	// GetReuseNatObject reports an existing NAT object name to reuse, and
	// DetermineNatObjectType picks the NatObjectType for a NAT type from the
	// metadata; the bools report success.
	GetReuseNatObject(natType string, intent *policy.Intent, metaData map[string]interface{}) (name string, reused bool)
	DetermineNatObjectType(natType string, metaData map[string]interface{}) (NatObjectType, bool)

	// DefaultStep and UpdateSnatStep presumably let the node adjust the steps
	// of a FirewallProcess; FlyConfig receives generated configuration.
	DefaultStep(fp *FirewallProcess)
	UpdateSnatStep(from, to api.Port, intent *policy.Intent, fp *FirewallProcess)
	FlyConfig(cli interface{})

	// Policies lists the node's policies.
	Policies() []FirewallPolicy
}

type FirewallObjectType

// FirewallObjectType classifies device objects (pools, address/service
// objects and groups, protocol and ICMP-type groups, L4 ports). Values start
// at 1 so the zero value is not a valid type; String renders the name.
type FirewallObjectType int

const (
	POOL FirewallObjectType = iota + 1
	OBJECT_NETWORK
	OBJECT_SERVICE
	GROUP_NETWORK
	GROUP_SERVICE
	GROUP_PROTOCOL
	GROUP_ICMP_TYPE
	L4PORT
	OBJECT_POOL
)

func (FirewallObjectType) String

func (aot FirewallObjectType) String() string

type FirewallPhase

// FirewallPhase identifies one of the four processing phases of an intent
// on a firewall, in traversal order. Values start at 0 (INPUT_NAT).
// NewFirewallPhase parses a phase name and String renders it.
type FirewallPhase int

const (
	INPUT_NAT FirewallPhase = iota
	INPUT_POLICY
	OUTPUT_POLICY
	OUTPUT_NAT
)

func NewFirewallPhase

func NewFirewallPhase(phase string) FirewallPhase

func (FirewallPhase) String

func (fp FirewallPhase) String() string

type FirewallPolicy

// FirewallPolicy is a security policy rule on a device: identity (Name, ID,
// Description), its verdict (Action), CLI form, the matching entry
// (PolicyEntry), device-specific attributes (Extended), and the zones and
// ports it applies between. The Get*Object methods expose the address and
// service objects the rule references.
type FirewallPolicy interface {
	Description() string
	Action() Action
	Name() string
	ID() string
	Cli() string
	PolicyEntry() policy.PolicyEntryInf
	Extended() map[string]interface{}
	FromZones() []string
	ToZones() []string
	FromPorts() []api.Port
	ToPorts() []api.Port

	// GetSourceAddressObject returns the source address object the policy uses.
	// If the policy uses an address group, the group object is returned; if it uses a single address object, that object; if no object is used, nil.
	GetSourceAddressObject() (FirewallNetworkObject, bool)

	// GetDestinationAddressObject returns the destination address object the policy uses.
	// If the policy uses an address group, the group object is returned; if it uses a single address object, that object; if no object is used, nil.
	GetDestinationAddressObject() (FirewallNetworkObject, bool)

	// GetServiceObject returns the service object the policy uses.
	// If the policy uses a service group, the group object is returned; if it uses a single service object, that object; if no object is used, nil.
	GetServiceObject() (FirewallServiceObject, bool)
}

type FirewallPort

// FirewallPort is an api.Port that also exposes its primary IPv4 and IPv6
// addresses as strings.
type FirewallPort interface {
	api.Port
	MainIpv4() string
	MainIpv6() string
}

type FirewallProcess

// FirewallProcess drives one intent through a firewall node's phases. It is
// built with NewFirewallProcess(node, inEntry), configured by the chainable
// WithInputNat/WithInputPolicy/WithOutputPolicy/WithOutputNat methods,
// iterated with Iterator, and produces configuration via MakeTemplates.
// The commented-out fields record the state it once declared directly;
// it now embeds processor.NodeProcessor.
type FirewallProcess struct {
	//inEntry policy.PolicyEntryInf
	//node    FirewallNode
	//steps   map[FirewallPhase]*ProcessStep
	//logger  *zap.Logger
	processor.NodeProcessor
}

func NewFirewallProcess

func NewFirewallProcess(node FirewallNode, inEntry policy.PolicyEntryInf) *FirewallProcess

func (*FirewallProcess) Intent

func (fp *FirewallProcess) Intent() policy.PolicyEntryInf

func (*FirewallProcess) Iterator

func (fp *FirewallProcess) Iterator() *StepIterator

func (*FirewallProcess) MakeTemplates

func (fp *FirewallProcess) MakeTemplates(ctx context.Context, intent *policy.Intent, inPort api.Port, vrf api.Vrf, force bool) (translateTo *policy.Intent, cmdList []interface{}, additionCli []string, err model.ProcessErr)

func (*FirewallProcess) MarshalJSON

func (fp *FirewallProcess) MarshalJSON() ([]byte, error)

func (*FirewallProcess) RemoveStep

func (fp *FirewallProcess) RemoveStep(step string)

func (*FirewallProcess) Step

func (*FirewallProcess) StepCheck

func (fp *FirewallProcess) StepCheck(intent *policy.Intent)

func (*FirewallProcess) UnmarshalJSON

func (fp *FirewallProcess) UnmarshalJSON(b []byte) error

func (*FirewallProcess) WithInputNat

func (fp *FirewallProcess) WithInputNat() *FirewallProcess

func (*FirewallProcess) WithInputPolicy

func (fp *FirewallProcess) WithInputPolicy() *FirewallProcess

func (*FirewallProcess) WithLogger

func (fp *FirewallProcess) WithLogger(logger *zap.Logger)

func (*FirewallProcess) WithOutputNat

func (fp *FirewallProcess) WithOutputNat() *FirewallProcess

func (*FirewallProcess) WithOutputPolicy

func (fp *FirewallProcess) WithOutputPolicy() *FirewallProcess

type FirewallServiceObject

// FirewallServiceObject is a device service object or group. Besides JSON
// serialisation and type tagging, it exposes its CLI form and name, resolves
// to a *service.Service for a given node, and reports its FirewallObjectType.
type FirewallServiceObject interface {
	api.JSONSerializer
	api.TypedInterface
	Cli() string
	Name() string
	Service(FirewallNode) *service.Service
	Type() FirewallObjectType
}

type FirewallTemplates

// FirewallTemplates renders device configuration for one intent between two
// ports. Each Make* method returns an opaque flyObject plus the command list;
// MakeInputPolicyCli additionally returns moveRule entries.
// FlyObjectToFlattenCli turns a flyObject into flat CLI text.
type FirewallTemplates interface {
	MakeStaticNatCli(from, out api.Port, intent *policy.Intent, ctx *PolicyContext) (flyObject interface{}, cmdList command.CmdList)
	MakeDynamicNatCli(from, out api.Port, intent *policy.Intent, ctx *PolicyContext) (flyObject interface{}, cmdList command.CmdList)
	MakeInputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *PolicyContext) (flyObject interface{}, cmdList command.CmdList, moveRule []string)
	MakeOutputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *PolicyContext) (flyObject interface{}, cmdList command.CmdList)
	FlyObjectToFlattenCli(flyObject interface{}, ctx *PolicyContext) string
}

type IteratorFirewall

// IteratorFirewall exposes filtered iterators over a device's policies,
// ACLs, network and service objects, and its SNAT, DNAT, static NAT and
// NAT pool entries. Each takes IteratorOption values (see WithZone and the
// other With* constructors).
type IteratorFirewall interface {
	PolicyIterator(opts ...IteratorOption) NamerIterator
	AclIterator(opts ...IteratorOption) NamerIterator
	NetworkIterator(opts ...IteratorOption) NamerIterator
	ServiceIterator(opts ...IteratorOption) NamerIterator
	SnatIterator(opts ...IteratorOption) NamerIterator
	DnatIterator(opts ...IteratorOption) NamerIterator
	StaticNatIterator(opts ...IteratorOption) NamerIterator
	NatPoolIterator(opts ...IteratorOption) NamerIterator
}

type IteratorOption

// IteratorOption mutates an iterator option value. The With* constructors
// (WithZone, WithIPFamily, WithProtocol, ...) build them and ApplyOptions
// folds them into an *IteratorOptions; the argument is interface{} so the
// same option can presumably target other option structs as well — confirm.
type IteratorOption func(interface{})

func WithAclType

func WithAclType(aclType string) IteratorOption

func WithFromZone

func WithFromZone(zone string) IteratorOption

func WithIPFamily

func WithIPFamily(family network.IPFamily) IteratorOption

func WithNatType

func WithNatType(natType NatType) IteratorOption

func WithNetworkGroup

func WithNetworkGroup(ng *network.NetworkGroup) IteratorOption

func WithProtocol

func WithProtocol(protocol int) IteratorOption

func WithToZone

func WithToZone(zone string) IteratorOption

func WithZone

func WithZone(zone string) IteratorOption

通用的 IteratorOption 函数

type IteratorOptions

// IteratorOptions holds the filter criteria assembled by ApplyOptions from
// IteratorOption values; each field corresponds to one With* constructor.
type IteratorOptions struct {
	Zone         string
	IPFamily     network.IPFamily
	Protocol     int
	FromZone     string
	ToZone       string
	NatType      NatType
	NetworkGroup *network.NetworkGroup
	AclType      string
}

IteratorOptions 结构体定义

func ApplyOptions

func ApplyOptions(opts ...IteratorOption) *IteratorOptions

type MeetIntentStatus

// MeetIntentStatus reports whether a matched rule satisfies the intent:
// unknown, no, yes, or maybe. Values start at 0. String renders the name.
// Note the exported name MEET_INIENT_UNKNOWN is misspelled; it is kept as
// is because renaming would break callers.
type MeetIntentStatus int

const (
	MEET_INIENT_UNKNOWN MeetIntentStatus = iota
	MEET_INTENT_NO
	MEET_INTENT_OK
	MEET_INTENT_MAYBE
)

func (MeetIntentStatus) String

func (m MeetIntentStatus) String() string

type Namer

// Namer is anything with a name; it is the element type of NamerIterator.
type Namer interface {
	Name() string
}

type NamerIterator

// NamerIterator walks a sequence of Namer values: HasNext reports whether
// Next will yield another element, and Reset restarts from the beginning.
// BaseIterator is the provided implementation.
type NamerIterator interface {
	HasNext() bool
	Next() Namer
	Reset()
}

type Naming

// Naming generates object, pool, service and policy names for a
// FirewallNode on top of name.NameStrategy. NewNaming binds it to a node;
// NameNetwork, NamePool and NameService each return a name to create and a
// name to reuse, and WithNameService overrides the service naming function.
type Naming struct {
	name.NameStrategy
	// contains filtered or unexported fields
}

func NewNaming

func NewNaming(node FirewallNode) *Naming

func (*Naming) NameNetwork

func (snn *Naming) NameNetwork(data interface{}, port api.Port) (create, reuse string, err error)

func (*Naming) NamePool

func (snn *Naming) NamePool(data interface{}, natType NatType) (create, reuse string, err error)

func (*Naming) NameService

func (snn *Naming) NameService(data interface{}) (create, reuse string, err error)

func (*Naming) NewName

func (snn *Naming) NewName(data interface{}, ruleType name.NamingRuleType) (string, error)

func (*Naming) Node

func (snn *Naming) Node() FirewallNode

func (*Naming) WithNameService

func (snn *Naming) WithNameService(f func(data interface{}) (string, error)) *Naming

type NatMatchResult

// NatMatchResult is the outcome of matching an intent against NAT rules. It
// embeds the intent and the generic processor.MatchResult; the With* methods
// set the action, ports, translated intent and meet status, Rule/RuleCli
// expose the matched rule, and MeetStatus reports the MeetIntentStatus.
type NatMatchResult struct {
	policy.Intent
	processor.MatchResult
	// contains filtered or unexported fields
}

func NewNatResultIntent

func NewNatResultIntent(intent *policy.Intent) *NatMatchResult

func (*NatMatchResult) Analysis

func (mr *NatMatchResult) Analysis()

func (NatMatchResult) MarshalJSON

func (nr NatMatchResult) MarshalJSON() ([]byte, error)

func (*NatMatchResult) MeetStatus

func (mr *NatMatchResult) MeetStatus() MeetIntentStatus

func (*NatMatchResult) Rule

func (mr *NatMatchResult) Rule() FirewallNatRule

func (*NatMatchResult) RuleCli

func (mr *NatMatchResult) RuleCli() string

func (*NatMatchResult) TranslateTo

func (mr *NatMatchResult) TranslateTo() *policy.Intent

func (*NatMatchResult) WithAction

func (mr *NatMatchResult) WithAction(action Action) policy.PolicyEntryInf

func (*NatMatchResult) WithFromPort

func (mr *NatMatchResult) WithFromPort(port api.Port) policy.PolicyEntryInf

func (*NatMatchResult) WithMeetIntentStatus

func (mr *NatMatchResult) WithMeetIntentStatus(status MeetIntentStatus) policy.PolicyEntryInf

func (*NatMatchResult) WithOutPort

func (mr *NatMatchResult) WithOutPort(port api.Port) policy.PolicyEntryInf

func (*NatMatchResult) WithRule

func (*NatMatchResult) WithTranslate

func (mr *NatMatchResult) WithTranslate(intent *policy.Intent) policy.PolicyEntryInf

type NatMatchState

// NatMatchState records the NAT matching outcome: no match, a satisfactory
// match, or a match that is not acceptable. Values start at 0.
type NatMatchState int

const (
	NAT_MATCH_NONE NatMatchState = iota
	NAT_MATCH_OK
	NAT_MATCH_NOT_OK
)

type NatObjectType

// NatObjectType is the kind of object a NAT rule refers to. VIP, MIP and
// SNAT_POOL denote device-specific layouts, INTERFACE uses the interface
// address, NETWORK_OBJECT an address object, and INLINE writes the address
// directly into the rule; UNSUPPORTED marks an unsupported kind.
// See FirewallNode.GetSupportedNatObjectTypes.
type NatObjectType int

// NOTE(review): the first value's initializer is not shown in this listing
// (possibly a rendering artefact) — confirm the numbering in source.
const (
	UNSUPPORTED NatObjectType
	VIP
	MIP
	SNAT_POOL
	INTERFACE
	NETWORK_OBJECT
	INLINE
)

type NatPool

// NatPool is a device NAT address pool: it has an ID and a name, can report
// whether it matches a *network.NetworkGroup, and renders its CLI form.
type NatPool interface {
	ID() string
	Name() string
	MatchNetworkGroup(*network.NetworkGroup) bool
	Cli() string
}

NatPool 接口定义了 NAT 池的基本操作

type NatPoolManager

// NatPoolManager creates NAT pools. CreateNatPool builds a NatPool for the
// given network group and name (the string argument is presumably the pool
// name — confirm in the implementations).
type NatPoolManager interface {
	CreateNatPool(*network.NetworkGroup, string) (NatPool, error)
}

type NatStatus

// NatStatus reports whether a NAT rule is active. String renders the name.
type NatStatus int

// NOTE(review): the first value's initializer is not shown in this listing
// (possibly a rendering artefact) — confirm the numbering in source.
const (
	NAT_ACTIVE NatStatus
	NAT_INACTIVE
)

func (NatStatus) String

func (ns NatStatus) String() string

type NatType

// NatType is the kind of NAT rule: static, dynamic (source), destination, or
// twice NAT. String renders the name.
type NatType int

// NOTE(review): the first value's initializer is not shown in this listing;
// the String implementation on this page indexes with a-1, so values
// presumably start at 1 — confirm in source.
const (
	STATIC_NAT NatType
	DYNAMIC_NAT
	DESTINATION_NAT
	TWICE_NAT
)

func (NatType) String

func (nt NatType) String() string

type ObjectReferenceMethod

// ObjectReferenceMethod says how an address is referenced in generated
// configuration: as a host address, a subnet, an IP range, or a named
// object. Values start at 1 so the zero value is unset.
type ObjectReferenceMethod int

const (
	USE_ADDRESS ObjectReferenceMethod = iota + 1
	USE_SUBNET
	USE_IPRANGE
	USE_OBJECT
)

type ObjectSearchType

// ObjectSearchType narrows an object lookup (see
// FirewallNode.GetObjectByNetworkGroup / GetObjectByService) to groups only,
// single objects only, or either.
type ObjectSearchType int

// NOTE(review): the first value's initializer is not shown in this listing
// (possibly a rendering artefact) — confirm the numbering in source.
const (
	SEARCH_GROUP ObjectSearchType
	SEARCH_OBJECT
	SEARCH_OBJECT_OR_GROUP
)

type PhaseProcessAction

// PhaseProcessAction records how a phase was resolved: an existing rule
// matched, or configuration was generated. NewPhaseProcessAction parses a
// name and String renders it.
type PhaseProcessAction int

// NOTE(review): the first value's initializer is not shown in this listing
// (possibly a rendering artefact) — confirm the numbering in source.
const (
	PHASE_MATCHED PhaseProcessAction
	PHASE_GENERATED
)

func NewPhaseProcessAction

func NewPhaseProcessAction(action string) PhaseProcessAction

func (PhaseProcessAction) String

func (pa PhaseProcessAction) String() string

type PolicyContext

// PolicyContext carries state between the phases of generating configuration
// for one intent. It embeds context.Context and collects the generated
// commands (CmdList, AdditionCli) together with the node, ports, VRF, naming
// data and device-specific data the templates need. The typed getters
// (GetBoolValue, GetIntValue, GetStringValue, GetValue) and WithValue
// presumably read and write the Variables map — confirm in source.
type PolicyContext struct {
	context.Context
	Intent             *policy.Intent
	TranslateTo        *policy.Intent
	InPort             api.Port
	OutPort            api.Port
	Vrf                api.Vrf
	Force              bool
	CmdList            []interface{}
	AdditionCli        []string
	Node               FirewallNode
	Logger             *zap.Logger
	Variables          map[string]interface{}
	GlobalNaming       map[string]string
	DeviceSpecificData map[string]interface{}
	TraverseProcess    interface{} // used to reach TraverseProcess for adding warnings (interface{} avoids an import cycle)
	// GeneratedObjects stores the mapping of already generated objects, shared between MakePolicyV3 and MakeNatPolicyV3.
	// key: "network:<networkGroupString>" or "service:<serviceString>"
	// value: map[string]interface{} holding objectName, cliString, keys and similar entries
	GeneratedObjects map[string]interface{}
	// TemplatePath is the firewall template path; when empty the default path is used.
	TemplatePath string
}

PolicyContext 用于在各个阶段之间传递信息

func (*PolicyContext) GetAclId

func (pc *PolicyContext) GetAclId() string

func (*PolicyContext) GetBoolValue

func (pc *PolicyContext) GetBoolValue(key string) (bool, bool)

GetBoolValue 获取布尔类型的值

func (*PolicyContext) GetDeviceMetaData

func (pc *PolicyContext) GetDeviceMetaData(node api.Node) (map[string]interface{}, bool)

func (*PolicyContext) GetDstAddrObjName

func (pc *PolicyContext) GetDstAddrObjName() string

func (*PolicyContext) GetIntValue

func (pc *PolicyContext) GetIntValue(key string) (int, bool)

GetIntValue 获取整数类型的值

func (*PolicyContext) GetNatPoolName

func (pc *PolicyContext) GetNatPoolName() string

func (*PolicyContext) GetServiceName

func (pc *PolicyContext) GetServiceName() string

func (*PolicyContext) GetSiteName

func (pc *PolicyContext) GetSiteName() (string, bool)

func (*PolicyContext) GetSrcAddrObjName

func (pc *PolicyContext) GetSrcAddrObjName() string

func (*PolicyContext) GetStringValue

func (pc *PolicyContext) GetStringValue(key string) (string, bool)

GetStringValue 获取字符串类型的值

func (*PolicyContext) GetValue

func (pc *PolicyContext) GetValue(key string) (interface{}, bool)

在 PolicyContext 结构体中添加 GetValue 方法

func (*PolicyContext) SetAclId

func (pc *PolicyContext) SetAclId(id string)

func (*PolicyContext) SetDstAddrObjName

func (pc *PolicyContext) SetDstAddrObjName(name string)

func (*PolicyContext) SetNatPoolName

func (pc *PolicyContext) SetNatPoolName(name string)

func (*PolicyContext) SetServiceName

func (pc *PolicyContext) SetServiceName(name string)

func (*PolicyContext) SetSrcAddrObjName

func (pc *PolicyContext) SetSrcAddrObjName(name string)

func (*PolicyContext) WithValue

func (pc *PolicyContext) WithValue(key string, value interface{}) *PolicyContext

type PolicyIdFirewall

// PolicyIdFirewall is implemented by firewalls whose policies carry numeric
// IDs per address family: NextPolicyId returns the next free ID and
// FirstPolicyRuleId the ID of the first rule.
type PolicyIdFirewall interface {
	NextPolicyId(ipType network.IPFamily) int
	FirstPolicyRuleId(ipType network.IPFamily) string
}

type PolicyIteratorOption

// PolicyIteratorOption holds the options for a policy iterator: the common
// zone and IP-family filters plus a free-form map for device-specific ones.
type PolicyIteratorOption struct {
	// Common option fields.
	Zone     string
	IPFamily network.IPFamily

	// Device-specific option fields (interface{} values so that each firewall can supply its own).
	SpecificOptions map[string]interface{}
}

为每种迭代器类型定义具体的选项结构

type PolicyMatchResult

// PolicyMatchResult is the outcome of matching an intent against security
// policies. It embeds the intent and the generic processor.MatchResult; the
// With* methods set the action, ports and matched rule, and Rule exposes the
// matched FirewallPolicy.
type PolicyMatchResult struct {
	policy.Intent
	processor.MatchResult
	// contains filtered or unexported fields
}

func NewPolicyResultIntent

func NewPolicyResultIntent(intent *policy.Intent) *PolicyMatchResult

func (PolicyMatchResult) MarshalJSON

func (pr PolicyMatchResult) MarshalJSON() ([]byte, error)

func (*PolicyMatchResult) Rule

func (mr *PolicyMatchResult) Rule() FirewallPolicy

func (*PolicyMatchResult) WithAction

func (mr *PolicyMatchResult) WithAction(action Action) policy.PolicyEntryInf

func (*PolicyMatchResult) WithFromPort

func (mr *PolicyMatchResult) WithFromPort(port api.Port) policy.PolicyEntryInf

func (*PolicyMatchResult) WithOutPort

func (mr *PolicyMatchResult) WithOutPort(port api.Port) policy.PolicyEntryInf

func (*PolicyMatchResult) WithRule

type PolicyStatus

// PolicyStatus is the state of a policy rule: active, inactive, or
// incomplete. Values start at 1 so the zero value is unset; String renders
// the name.
type PolicyStatus int

const (
	POLICY_ACTIVE PolicyStatus = iota + 1
	POLICY_INACTIVE
	POLICY_INCOMPLETE
)

func (PolicyStatus) String

func (ps PolicyStatus) String() string

type PoolIdFirewall

// PoolIdFirewall is implemented by firewalls whose NAT pools carry IDs;
// NextPoolId derives the next pool ID from the given one.
type PoolIdFirewall interface {
	NextPoolId(id string) string
}

type PresetConfig

// PresetConfig names the pre-provisioned policies and address groups used
// for blacklist/whitelist handling (see BlacklistWhitelistHandler).
// The policy IDs are optional and omitted from JSON when empty.
type PresetConfig struct {
	BlacklistPolicyName string `json:"blacklist_policy_name"`         // preset blacklist policy name
	BlacklistPolicyID   string `json:"blacklist_policy_id,omitempty"` // preset blacklist policy ID
	WhitelistPolicyName string `json:"whitelist_policy_name"`         // preset whitelist policy name
	WhitelistPolicyID   string `json:"whitelist_policy_id,omitempty"` // preset whitelist policy ID
	BlacklistGroupName  string `json:"blacklist_group_name"`          // preset blacklist address group name
	WhitelistGroupName  string `json:"whitelist_group_name"`          // preset whitelist address group name
}

PresetConfig 预设配置信息(用于黑白名单)

type PresetConfigCheckResult

// PresetConfigCheckResult is returned by
// BlacklistWhitelistHandler.CheckPresetConfig: one flag per preset policy
// and address group, plus optional free-form details.
type PresetConfigCheckResult struct {
	BlacklistPolicyOK bool              `json:"blacklist_policy_ok"` // whether the blacklist policy exists
	WhitelistPolicyOK bool              `json:"whitelist_policy_ok"` // whether the whitelist policy exists
	BlacklistGroupOK  bool              `json:"blacklist_group_ok"`  // whether the blacklist address group exists
	WhitelistGroupOK  bool              `json:"whitelist_group_ok"`  // whether the whitelist address group exists
	Details           map[string]string `json:"details,omitempty"`   // detailed information
}

PresetConfigCheckResult 预设配置检查结果

type ProcessStep

// ProcessStep is one phase of a FirewallProcess: it records the phase, the
// match result, the resulting CLI and command list, and a PhaseProcessAction
// (matched or generated). The With* methods set those fields and return the
// step for chaining; IsMeetIntent reports whether the step satisfies an
// intent; it marshals to and from JSON.
type ProcessStep struct {
	// contains filtered or unexported fields
}

func (*ProcessStep) Cli

func (step *ProcessStep) Cli() string

func (*ProcessStep) CmdList

func (step *ProcessStep) CmdList() interface{}

func (*ProcessStep) IsMeetIntent

func (step *ProcessStep) IsMeetIntent(intent *policy.Intent) bool

Displaced fragment of the Action constant declaration (see the Action type above): `POLICY_DENY Action = iota + 1`, `POLICY_PERMIT`, `POLICY_IMPLICIT_PERMIT`, `POLICY_IMPLICIT_DENY`.

func (*ProcessStep) MarshalJSON

func (step *ProcessStep) MarshalJSON() ([]byte, error)

func (*ProcessStep) MatchResult

func (step *ProcessStep) MatchResult() processor.AbstractMatchResult

func (*ProcessStep) Phase

func (step *ProcessStep) Phase() FirewallPhase

func (*ProcessStep) PhaseAction

func (step *ProcessStep) PhaseAction() PhaseProcessAction

func (*ProcessStep) UnmarshalJSON

func (step *ProcessStep) UnmarshalJSON(b []byte) error

func (*ProcessStep) WithCli

func (step *ProcessStep) WithCli(cli string) *ProcessStep

func (*ProcessStep) WithCmdList

func (step *ProcessStep) WithCmdList(cmdList interface{}) *ProcessStep

func (*ProcessStep) WithMatchResult

func (step *ProcessStep) WithMatchResult(result processor.AbstractMatchResult) *ProcessStep

func (*ProcessStep) WithPhaseAction

func (step *ProcessStep) WithPhaseAction(action PhaseProcessAction) *ProcessStep

type RouteCheckFirewall

// RouteCheckFirewall is a FirewallNode that also offers an internal route
// check; it replaces calling IpRouteCheckInternal through reflection.
type RouteCheckFirewall interface {
	FirewallNode
	// IpRouteCheckInternal is the internal route-check method; it returns a RouteCheckResult (including warnings).
	IpRouteCheckInternal(netList network.NetworkList, inPort, vrf string, af network.IPFamily) *model.RouteCheckResult
}

RouteCheckFirewall 提供内部路由检查接口的防火墙节点 用于替代反射调用 IpRouteCheckInternal 方法

type SRXNameingInputValidator

// SRXNameingInputValidator validates the input map for SRX naming; Validate
// returns a validator.Result. The type name keeps its original spelling
// ("Nameing") because renaming an exported type would break callers.
type SRXNameingInputValidator struct{}

func (SRXNameingInputValidator) Validate

func (aiv SRXNameingInputValidator) Validate(data map[string]interface{}) validator.Result

type StepIterator

// StepIterator walks the steps of a FirewallProcess; it is obtained from
// FirewallProcess.Iterator and driven with HasNext and Next.
type StepIterator struct {
	// contains filtered or unexported fields
}

func (*StepIterator) HasNext

func (it *StepIterator) HasNext() bool

func (*StepIterator) Next

type TemplatesRequest

// TemplatesRequest bundles the inputs of a template rendering request: the
// node, the ingress and egress ports, and the intent.
type TemplatesRequest struct {
	Node    api.Node
	InPort  api.Port
	OutPort api.Port
	Intent  *policy.Intent
}

type UrlConfigStruct

// UrlConfigStruct pairs a URL with the object to send to it.
// NOTE(review): the exact use (request target and payload) is inferred from
// the field names — confirm at the call sites.
type UrlConfigStruct struct {
	Url    string
	Object interface{}
}

type ZoneFirewall

// ZoneFirewall is implemented by firewalls that belong to a single zone.
type ZoneFirewall interface {
	Zone() string
}

Directories

Path Synopsis
asa
v4
srx
