iptables

package

v0.2.2 Latest Latest Go to latest Published: Dec 2, 2025 License: BSD-3-Clause Imports: 24 Imported by: 0

Documentation ¶

Rendered for

Index ¶

type InterfaceState
type Manager
- func Create(wgIface iFaceMapper, mtu uint16) (*Manager, error)
type Rule
- func (r *Rule) ID() string
type ShutdownState
- func (s *ShutdownState) Cleanup() error
- func (s *ShutdownState) Name() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type InterfaceState ¶

type InterfaceState struct {
	NameStr       string         `json:"name"`
	WGAddress     wgaddr.Address `json:"wg_address"`
	UserspaceBind bool           `json:"userspace_bind"`
	MTU           uint16         `json:"mtu"`
}

func (*InterfaceState) Address ¶

func (i *InterfaceState) Address() wgaddr.Address

func (*InterfaceState) IsUserspaceBind ¶

func (i *InterfaceState) IsUserspaceBind() bool

func (*InterfaceState) Name ¶

func (i *InterfaceState) Name() string

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

Manager of iptables firewall

func Create ¶

func Create(wgIface iFaceMapper, mtu uint16) (*Manager, error)

Create iptables firewall manager

func (*Manager) AddDNATRule ¶

func (m *Manager) AddDNATRule(rule firewall.ForwardRule) (firewall.Rule, error)

AddDNATRule adds a DNAT rule

func (*Manager) AddInboundDNAT ¶

func (m *Manager) AddInboundDNAT(localAddr netip.Addr, protocol firewall.Protocol, sourcePort, targetPort uint16) error

AddInboundDNAT adds an inbound DNAT rule redirecting traffic from Nirvati Connect peers to local services.

func (*Manager) AddNatRule ¶

func (m *Manager) AddNatRule(pair firewall.RouterPair) error

func (*Manager) AddPeerFiltering ¶

func (m *Manager) AddPeerFiltering(
	id []byte,
	ip net.IP,
	proto firewall.Protocol,
	sPort *firewall.Port,
	dPort *firewall.Port,
	action firewall.Action,
	ipsetName string,
) ([]firewall.Rule, error)

AddPeerFiltering adds a rule to the firewall

Comment will be ignored because some system this feature is not supported

func (*Manager) AddRouteFiltering ¶

func (m *Manager) AddRouteFiltering(
	id []byte,
	sources []netip.Prefix,
	destination firewall.Network,
	proto firewall.Protocol,
	sPort, dPort *firewall.Port,
	action firewall.Action,
) (firewall.Rule, error)

func (*Manager) AllowNirvatiConnect ¶

func (m *Manager) AllowNirvatiConnect() error

AllowNirvatiConnect allows nirvati-connect interface traffic

func (*Manager) Close ¶

func (m *Manager) Close(stateManager *statemanager.Manager) error

Reset firewall to the default state

func (*Manager) DeleteDNATRule ¶

func (m *Manager) DeleteDNATRule(rule firewall.Rule) error

DeleteDNATRule deletes a DNAT rule

func (*Manager) DeletePeerRule ¶

func (m *Manager) DeletePeerRule(rule firewall.Rule) error

DeletePeerRule from the firewall by rule definition

func (*Manager) DeleteRouteRule ¶

func (m *Manager) DeleteRouteRule(rule firewall.Rule) error

func (*Manager) DisableRouting ¶

func (m *Manager) DisableRouting() error

func (*Manager) EnableRouting ¶

func (m *Manager) EnableRouting() error

func (*Manager) Flush ¶

func (m *Manager) Flush() error

Flush doesn't need to be implemented for this manager

func (*Manager) Init ¶

func (m *Manager) Init(stateManager *statemanager.Manager) error

func (*Manager) IsServerRouteSupported ¶

func (m *Manager) IsServerRouteSupported() bool

func (*Manager) IsStateful ¶

func (m *Manager) IsStateful() bool

func (*Manager) RemoveInboundDNAT ¶

func (m *Manager) RemoveInboundDNAT(localAddr netip.Addr, protocol firewall.Protocol, sourcePort, targetPort uint16) error

RemoveInboundDNAT removes an inbound DNAT rule.

func (*Manager) RemoveNatRule ¶

func (m *Manager) RemoveNatRule(pair firewall.RouterPair) error

func (*Manager) SetLegacyManagement ¶

func (m *Manager) SetLegacyManagement(isLegacy bool) error

func (*Manager) SetLogLevel ¶

func (m *Manager) SetLogLevel(log.Level)

SetLogLevel sets the log level for the firewall manager

func (*Manager) UpdateSet ¶

func (m *Manager) UpdateSet(set firewall.Set, prefixes []netip.Prefix) error

UpdateSet updates the set with the given prefixes

type Rule ¶

type Rule struct {
	// contains filtered or unexported fields
}

Rule to handle management of rules

func (*Rule) ID ¶

func (r *Rule) ID() string

GetRuleID returns the rule id

type ShutdownState ¶

type ShutdownState struct {
	sync.Mutex

	InterfaceState *InterfaceState `json:"interface_state,omitempty"`

	RouteRules        routeRules    `json:"route_rules,omitempty"`
	RouteIPsetCounter *ipsetCounter `json:"route_ipset_counter,omitempty"`

	ACLEntries    aclEntries  `json:"acl_entries,omitempty"`
	ACLIPsetStore *ipsetStore `json:"acl_ipset_store,omitempty"`
}

func (*ShutdownState) Cleanup ¶

func (s *ShutdownState) Cleanup() error

func (*ShutdownState) Name ¶

func (s *ShutdownState) Name() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL