nft

package
v1.5.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2019 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	NFT = iota
	TABLE
	CHAIN

	FamilyIP     = Family("ip")
	FamilyIP6    = Family("ip6")
	FamilyNET    = Family("net")
	FamilyINET   = Family("inet")
	FamilyARP    = Family("arp")
	FamilyBridge = Family("bridge")

	TypeSkipCreate = Type("")
	TypeNAT        = Type("nat")
	TypeFilter     = Type("filter")
)
View Source 
const (
	//NFTDebug if true, nft files will not be deleted for inspection
	NFTDebug = false
)

Variables

This section is empty.

Functions

func Apply 

func Apply(nft Nft) error

Apply (merge) nft rules

func ApplyFromFile 

func ApplyFromFile(cfg string) error

ApplyFromFile applies nft rules from a file

func Drop 

func Drop(family Family, table, chain string, handle int) error

Drop drops a single rule given a handle

func DropRules 

func DropRules(sub Nft) error

DropRules removes nft rules from a file

func IPv4Set added in v1.5.0 

func IPv4Set(family Family, table string, name string, ips ...string) error

IPv4Set creates/updates element set of type ipv4_addr

func IPv4SetDel added in v1.5.0 

func IPv4SetDel(family Family, table, name string, ips ...string) error

IPv4SetDel delete ips from a ipv4_addr set

func IPv4SetGet added in v1.5.0 

func IPv4SetGet(family Family, table, name string) ([]string, error)

IPv4SetGet gets the current ipv4 set

Types

type Chain 

type Chain struct {
	Type     Type
	Hook     string
	Priority int
	Policy   string
	Rules    []Rule
}

type Chains 

type Chains map[string]Chain

type Family 

type Family string

type Nft 

type Nft map[string]Table

func Get 

func Get() (Nft, error)

Get gets current nft ruleset

func Parse 

func Parse(config string) (Nft, error)

Parse nft json output

func (Nft) MarshalText 

func (n Nft) MarshalText() ([]byte, error)

type NftChainBlock added in v1.5.0 

type NftChainBlock struct {
	/*
		{'hook': 'prerouting',
		'family': 'ip',
		'prio': 0,
		'table': 'nat',
		'name': 'pre',
		'handle': 1,
		'type': 'nat',
		'policy': 'accept'}
	*/
	Hook     string `json:"hook"`
	Family   Family `json:"family"`
	Priority int    `json:"prio"`
	Table    string `json:"table"`
	Name     string `json:"name"`
	Handle   int    `json:"handle"`
	Type     Type   `json:"type"`
	Policy   string `json:"policy"`
}

type NftJsonBlock added in v1.5.0 

type NftJsonBlock map[string]json.RawMessage

NftJsonBlock defines a nft json block

type NftRuleBlock added in v1.5.0 

type NftRuleBlock struct {
	/*
		{'family': 'inet',
		'expr': [{'match': {'right': {'set': ['established', 'related']},
			'left': {'ct': {'key': 'state'}}}},
		{'accept': None}],
		'table': 'filter',
		'handle': 5,
		'chain': 'input'}
	*/
	Family    Family         `json:"family"`
	Expresion []NftJsonBlock `json:"expr"`
	Table     string         `json:"table"`
	Handle    int            `json:"handle"`
	Chain     string         `json:"chain"`
}

type NftSetBlock added in v1.5.0 

type NftSetBlock struct {
	Family   Family   `json:"family"`
	Name     string   `json:"name"`
	Table    string   `json:"table"`
	Elements []string `json:"elem"`
	Type     string   `json:"type"`
	Handle   int      `json:"handle"`
}

type NftTableBlock added in v1.5.0 

type NftTableBlock struct {
	//{'family': 'ip', 'name': 'nat', 'handle': 0}
	Family Family `json:"family"`
	Name   string `json:"name"`
	Handle int    `json:"handle"`
}

type Rule 

type Rule struct {
	Handle int
	Body   string
}

type Set added in v1.5.0 

type Set struct {
	//We only support ipv4_addr type
	Elements []string
}

type Sets added in v1.5.0 

type Sets map[string]Set

type Table 

type Table struct {
	Family Family
	Chains Chains
	Sets   Sets
}

type Type 

type Type string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.