package rule

v0.0.9
Published: Jan 17, 2023 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

A library for managing nftables rules by ID. Each managed rule carries an identifier in its nftables user data, so a desired set of rules can be reconciled against a table and chain without relying on kernel-assigned handles.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ManagedRules

type ManagedRules struct {
	// contains filtered or unexported fields
}

ManagedRules represents the rule set of one table/chain pair that is kept in sync by the manager goroutine.

func ManagerInit

func ManagerInit(ruleTarget RuleTarget, f RulesUpdateFunc, interval time.Duration, logger logger.Logger) (ManagedRules, error)

Create a rule manager for ruleTarget. Once started, the manager calls f every interval to obtain the desired rule set and applies it to the target; logger receives the manager's log output.

func (*ManagedRules) GetRuleTarget added in v0.0.6

func (r *ManagedRules) GetRuleTarget() RuleTarget

Get the rule target that this manager is operating on

func (*ManagedRules) Start

func (r *ManagedRules) Start(ctx context.Context) error

Start the rule manager goroutine; it runs until ctx is cancelled.

type RuleData

type RuleData struct {
	Expressions []expr.Any
	// The ID is stored in the rule's nftables user data rather than derived
	// from the kernel handle: a handle is an integer assigned at insertion
	// time, so it differs between hosts and carries no meaning, whereas the
	// ID is chosen by the caller and stays stable wherever the rule is applied.
	ID []byte
}

RuleData describes one rule to be created in a given table and chain: its nftables expressions and the ID by which the rule is tracked.

func NewRuleData

func NewRuleData(id []byte, exprs []expr.Any) RuleData

Create a new RuleData from an ID and list of nftables expressions

type RuleTarget added in v0.0.3

type RuleTarget struct {
	// contains filtered or unexported fields
}

RuleTarget represents a location to manipulate nftables rules

func NewRuleTarget added in v0.0.3

func NewRuleTarget(table *nftables.Table, chain *nftables.Chain) RuleTarget

Create a RuleTarget for the given nftables table and chain.

func (*RuleTarget) Add added in v0.0.3

func (r *RuleTarget) Add(c *nftables.Conn, ruleData RuleData) (bool, error)

Add a rule with a given ID to the target's table and chain over the connection c; returns true if the rule was added and false if it was not (for example, because a rule with that ID is already present).

func (*RuleTarget) Delete added in v0.0.3

func (r *RuleTarget) Delete(c *nftables.Conn, ruleData RuleData) (bool, error)

Delete a rule with a given ID from a specific table and chain, returns true if the rule was deleted

func (*RuleTarget) Exists added in v0.0.3

func (r *RuleTarget) Exists(c *nftables.Conn, ruleData RuleData) (bool, error)

Determine if a rule with a given ID exists in a specific table and chain

func (*RuleTarget) GetTableAndChain added in v0.0.6

func (r *RuleTarget) GetTableAndChain() (*nftables.Table, *nftables.Chain)

Get the nftables table and chain associated with this RuleTarget

func (*RuleTarget) Update added in v0.0.3

func (r *RuleTarget) Update(c *nftables.Conn, rules []RuleData) (bool, error)

Compare the IDs of the rules currently in the target with the IDs of the incoming rules: rules whose IDs are absent from the incoming set are deleted and incoming rules whose IDs are not yet present are added. Returns true if any rule was added or deleted.

type RulesUpdateFunc

type RulesUpdateFunc func() ([]RuleData, error)

RulesUpdateFunc is called by the manager on each interval and returns the complete desired rule set for the target.
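The reconciliation that Update documents, and the periodic loop that ManagerInit and Start describe, as an added stand-alone example that is not this package's code. It replaces the nftables connection with an in-memory fake, because the real calls need netlink and CAP_NET_ADMIN, so every name in it (FakeRule, FakeTarget, Desired, Reconcile, RunManager) is an assumption of the example and not an API of this package. The sample rules are constructed.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// FakeRule is a rule as the kernel reports it back: a handle assigned at
// insertion plus the user data it was created with. Expr stands in for []expr.Any.
type FakeRule struct {
	Handle   uint64
	UserData []byte // the managed-rule ID; nil for rules the manager did not create
	Expr     string
}

// Desired is the stand-in for RuleData: a stable ID plus the rule body.
type Desired struct {
	ID   []byte
	Expr string
}

// FakeTarget stands in for a table/chain reached through *nftables.Conn; it is
// an in-memory map keyed by handle, so the example runs without netlink or root.
type FakeTarget struct {
	nextHandle uint64
	rules      map[uint64]FakeRule
}

func NewFakeTarget() *FakeTarget { return &FakeTarget{rules: map[uint64]FakeRule{}} }
func (t *FakeTarget) Rules() map[uint64]FakeRule { return t.rules }
func (t *FakeTarget) Delete(handle uint64) { delete(t.rules, handle) }

func (t *FakeTarget) Add(d Desired) uint64 {
	t.nextHandle++ // handles are counters: no meaning across hosts or reboots
	t.rules[t.nextHandle] = FakeRule{Handle: t.nextHandle, UserData: d.ID, Expr: d.Expr}
	return t.nextHandle
}

// Reconcile does what RuleTarget.Update documents: diff the IDs already in the
// target against the incoming IDs, delete the stale ones and add the missing
// ones. A rule with no ID cannot be matched by ID, so it is never touched.
func Reconcile(t *FakeTarget, incoming []Desired) (bool, error) {
	want := make(map[string]Desired, len(incoming))
	for _, d := range incoming {
		if _, dup := want[string(d.ID)]; dup || len(d.ID) == 0 {
			return false, fmt.Errorf("rule ID %q is empty or duplicated", d.ID)
		}
		want[string(d.ID)] = d
	}
	have := map[string]uint64{} // ID -> handle for the rules this manager owns
	for _, r := range t.rules {
		if len(r.UserData) > 0 {
			have[string(r.UserData)] = r.Handle
		}
	}
	changed := false
	for id, handle := range have {
		if _, ok := want[id]; !ok {
			t.Delete(handle)
			changed = true
		}
	}
	for _, d := range incoming { // incoming order, so new rules are added in list order
		if _, ok := have[string(d.ID)]; !ok {
			t.Add(d)
			changed = true
		}
	}
	return changed, nil
}

// RunManager has the shape of the manager goroutine: reconcile now, then every
// interval until ctx is cancelled. A failing update function skips the round;
// reconciling to an empty set would delete every managed rule instead.
func RunManager(ctx context.Context, t *FakeTarget, f func() ([]Desired, error), interval time.Duration) error {
	ticker := time.NewTicker(interval)
	defer ticker.Stop()
	for {
		if rules, err := f(); err == nil {
			if _, err := Reconcile(t, rules); err != nil {
				return err
			}
		}
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-ticker.C:
		}
	}
}

func main() {
	tgt := NewFakeTarget()
	tgt.Add(Desired{Expr: "ct state established accept"}) // constructed: an operator's unmanaged rule
	desired := []Desired{{ID: []byte("allow-ssh"), Expr: "tcp dport 22 accept"}}
	changed, err := Reconcile(tgt, desired)
	fmt.Println("changed:", changed, "err:", err, "rules in chain:", len(tgt.Rules()))
}
```

Two choices in this example are worth carrying over to any ID-based reconciler. A source of truth that fails (the update function returning an error) is treated as "no change", not as "no rules": the alternative silently removes every managed rule from the chain. And because the diff only adds and deletes, a newly added rule lands wherever the target appends it; nftables evaluates a chain in order, so a rule set whose correctness depends on ordering relative to pre-existing rules needs that ordering enforced separately.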
