rule

package rule v0.0.11
Warning: This package is not in the latest version of its module.
Published: Jan 26, 2023 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

A library for managing nftables rules

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ManagedRules

type ManagedRules struct {
	// contains filtered or unexported fields
}

Represents a table/chain ruleset managed by the manager goroutine

func ManagerInit

func ManagerInit(ruleTarget RuleTarget, f RulesUpdateFunc, interval time.Duration, logger logger.Logger, metrics m.Metrics) (ManagedRules, error)

func (*ManagedRules) GetRuleTarget added in v0.0.6

func (r *ManagedRules) GetRuleTarget() RuleTarget

Get the rule target that this manager is operating on

func (*ManagedRules) Start

func (r *ManagedRules) Start(ctx context.Context) error

Start the rule manager goroutine

type RuleData

type RuleData struct {
	Expressions []expr.Any
	// The rule's nftables user data is used to store the ID,
	// so each rule can carry a specific, stable ID across hosts and similar contexts.
	// Handles are less deterministic unless set explicitly and lack context (they are only ints).
	ID []byte
}

RuleData is a struct that is used to create rules in a given table and chain

func NewRuleData

func NewRuleData(id []byte, exprs []expr.Any) RuleData

Create a new RuleData from an ID and list of nftables expressions

type RuleTarget added in v0.0.3

type RuleTarget struct {
	// contains filtered or unexported fields
}

RuleTarget represents a location to manipulate nftables rules

func NewRuleTarget added in v0.0.3

func NewRuleTarget(table *nftables.Table, chain *nftables.Chain) RuleTarget

Create a new location to manipulate nftables rules

func (*RuleTarget) Add added in v0.0.3

func (r *RuleTarget) Add(c *nftables.Conn, ruleData RuleData) (bool, error)

Add a rule with a given ID to a specific table and chain; returns true if the rule was added

func (*RuleTarget) Delete added in v0.0.3

func (r *RuleTarget) Delete(c *nftables.Conn, ruleData RuleData) (bool, error)

Delete a rule with a given ID from a specific table and chain; returns true if the rule was deleted

func (*RuleTarget) Exists added in v0.0.3

func (r *RuleTarget) Exists(c *nftables.Conn, ruleData RuleData) (bool, error)

Determine if a rule with a given ID exists in a specific table and chain

func (*RuleTarget) GetTableAndChain added in v0.0.6

func (r *RuleTarget) GetTableAndChain() (*nftables.Table, *nftables.Chain)

Get the nftables table and chain associated with this RuleTarget

func (*RuleTarget) Update added in v0.0.3

func (r *RuleTarget) Update(c *nftables.Conn, rules []RuleData) (bool, int, int, error)

Compare existing and incoming rule IDs, adding/removing the difference

First return value is true if the number of rules has changed, false if there were no updates. The second and third return values indicate the number of rules added or removed, respectively.
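As an added illustration of the ID-based reconciliation described for Update and for the RuleData comment above (example code, not the package's own), the following Go function computes the add/remove difference between an existing and an incoming ruleset. It replaces the package's RuleData with a stand-in that carries only the ID so it runs without the nftables library or netlink access, and it assumes any add or remove counts as a change (the page phrases the first return value in terms of the rule count).

```go
package main

import "fmt"

// RuleData stands in for the package's RuleData, reduced to the ID kept in the
// rule's nftables user data (the []expr.Any expressions are omitted here).
type RuleData struct {
	ID []byte
}

// Reconcile computes the ID difference between the rules already in a chain
// and the rules an update wants, mirroring Update's (changed, added, removed)
// results and also returning which rules to add and delete. Assumption: any
// add or remove counts as a change, so a same-count swap is still a change.
func Reconcile(existing, incoming []RuleData) (changed bool, added, removed int, toAdd, toRemove []RuleData) {
	have := make(map[string]bool, len(existing))
	for _, r := range existing {
		have[string(r.ID)] = true
	}
	want := make(map[string]bool, len(incoming))
	for _, r := range incoming {
		key := string(r.ID)
		if want[key] {
			continue // a duplicate ID in the desired set is installed once
		}
		want[key] = true
		if !have[key] {
			toAdd = append(toAdd, r)
		}
	}
	for _, r := range existing {
		if !want[string(r.ID)] {
			toRemove = append(toRemove, r) // stale rule, deleted by its ID
		}
	}
	added, removed = len(toAdd), len(toRemove)
	return added > 0 || removed > 0, added, removed, toAdd, toRemove
}

func main() {
	// Constructed sample: "a" is stale, "b" is kept, "c" is new (listed twice).
	existing := []RuleData{{ID: []byte("a")}, {ID: []byte("b")}}
	incoming := []RuleData{{ID: []byte("b")}, {ID: []byte("c")}, {ID: []byte("c")}}
	changed, added, removed, _, _ := Reconcile(existing, incoming)
	fmt.Println(changed, added, removed) // true 1 1
}
```

Because identity is the user-data ID rather than the kernel handle, the same plan is produced on every host that runs the same RulesUpdateFunc, which is what makes the manager's periodic reconciliation idempotent.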

type RulesUpdateFunc

type RulesUpdateFunc func() ([]RuleData, error)
