README
¶
iptables
This library is a wrapper around iptables to enable easy use from within applications
Development
Best Practices
Struct Tagging
All structs should be tagged for json, yaml and xml to support easy marshalling using any of these
formats. This is easily done using the gomodifytags tool which can be installed with the following
command.
Install gomodifytags
go get github.com/fatih/gomodifytags
Tag structs
gomodifytags -file <filename> -all -add-tags json,yaml,xml -add-options json=omitempty -w
Documentation
¶
Index ¶
- Constants
- func AddCustomTable(table string)
- func AppExists(app string) bool
- func CommentExists(comment string) bool
- func DeleteAllMatchingApp(app string) error
- func DeleteAllMatchingComments(comment string) error
- func DeleteAllMatchingId(id string) error
- func DeleteAllMatchingName(name string) error
- func DeleteByApp(app string) error
- func DeleteByComment(comment string) error
- func DeleteById(id string) error
- func DeleteByName(name string) error
- func EnumerateChains(table string) (chains []string, err error)
- func EnumerateRules(table string, chain string) (rules []string, err error)
- func EnumerateUsedTables() (tables []string, err error)
- func GetInvertPattern(inverted bool) string
- func GetIptablesBinaryPath(ipVer IPVer) (cmd string, err error)
- func GetRuleIndex(table string, chain string, ipVer IPVer) (ruleNum int, err error)
- func IdExists(id string) bool
- func NameExists(name string) bool
- type Action
- type Chain
- type Cmd
- type ConnMarkType
- type Controller
- type CounterValues
- type IPVer
- type ITarget
- type InvertableString
- type Rule
- type RuleLocation
- func FindRuleByApp(app string) (location *RuleLocation, err error)
- func FindRuleByComment(comment string) (location *RuleLocation, err error)
- func FindRuleByCommentWithPrefix(comment string, prefix *string) (location *RuleLocation, err error)
- func FindRuleById(id string) (location *RuleLocation, err error)
- func FindRuleByName(name string) (location *RuleLocation, err error)
- type Table
- type Target
- type TargetBalance
- type TargetClassify
- type TargetConnMark
- type TargetDNat
- type TargetDSCP
- type TargetDSCPClass
- type TargetGoto
- type TargetJump
- type TargetSNat
Constants ¶
View Source
const ( TargetAccept string = "ACCEPT" TargetDrop string = "DROP" TargetQueue string = "QUEUE" TargetReturn string = "RETURN" )
These constants are commonly used targets
View Source
const ( ChainInput string = "INPUT" ChainOutput string = "OUTPUT" ChainForward string = "FORWARD" ChainPreRouting string = "PREROUTING" ChainPostRouting string = "POSTROUTING" )
These constants are commonly used chains
View Source
const ( TableRaw string = "raw" TableFilter string = "filter" TableNat string = "nat" TableMangle string = "mangle" TableSecurity string = "security" )
These constants are the default tables
View Source
const ( ConnMarkTypeSet = iota ConnMarkTypeSave ConnMarkTypeRestore )
View Source
const ( TargetConnMarkSet string = "--set-mark" TargetConnMarkSave string = "--save-mark" TargetConnMarkRestore string = "--restore-mark" )
View Source
const ( TargetDSCPStr string = "--set-dscp" TargetDSCPClassStr string = "--set-dscp-class" )
View Source
const (
TargetBalanceStr string = "--to-destination"
)
View Source
const (
TargetClassifyStr string = "--set-class"
)
View Source
const (
TargetDNatStr string = "--to-destination"
)
View Source
const (
TargetGotoStr string = "--goto"
)
View Source
const (
TargetJumpStr string = "--jump"
)
View Source
const (
TargetSNatStr string = "--to-source"
)
Variables ¶
This section is empty.
Functions ¶
func AddCustomTable ¶
func AddCustomTable(table string)
func CommentExists ¶
func DeleteAllMatchingApp ¶
func DeleteAllMatchingId ¶
func DeleteAllMatchingName ¶
func DeleteByApp ¶
func DeleteByComment ¶
func DeleteById ¶
func DeleteByName ¶
func EnumerateChains ¶
func EnumerateUsedTables ¶
func GetInvertPattern ¶
func GetIptablesBinaryPath ¶
func GetRuleIndex ¶
func NameExists ¶
Types ¶
type Action ¶
type Action string
Action is a type that represents the valid actions for a rule to take
type Cmd ¶
type Cmd string
Cmd represents the commands that are supported by iptables
const ( CmdAppend Cmd = "append" CmdDelete Cmd = "delete" CmdInsert Cmd = "insert" CmdReplace Cmd = "replace" CmdList Cmd = "list" CmdFlush Cmd = "flush" CmdZero Cmd = "zero" CmdNewChain Cmd = "new-chain" CmdDeleteChain Cmd = "delete-chain" CmdPolicy Cmd = "policy" CmdRenameChain Cmd = "rename-chain" )
These constants are the valid values that can be used to represent commands
type ConnMarkType ¶
type ConnMarkType int
type Controller ¶
type Controller struct {
}
Controller represents the interface to iptables. It is essentially just a wrapper around exec with some state and helper functions.
type CounterValues ¶
type CounterValues struct {
Packets int `json:"packets,omitempty" yaml:"packets" xml:"packets"`
Bytes int `json:"bytes,omitempty" yaml:"bytes" xml:"bytes"`
}
CounterValues is a helper type that wraps the packet and byte counters used when setting the counter values for a new rule
type InvertableString ¶
type InvertableString struct {
Value string `json:"value,omitempty" yaml:"value" xml:"value"`
Inverted bool `json:"inverted,omitempty" yaml:"inverted" xml:"inverted"`
}
InvertableString is a helper type that wraps a string value with a flag that tells iptables if it should be inverted in the command
type Rule ¶
type Rule struct {
Id string `json:"id,omitempty" yaml:"id" xml:"id"`
Name string `json:"name,omitempty" yaml:"name" xml:"name"`
App string `json:"-" yaml:"-" xml:"-"`
Table string `json:"table,omitempty" yaml:"table" xml:"table"`
Chain string `json:"chain,omitempty" yaml:"chain" xml:"chain"`
Target ITarget `json:"target,omitempty" yaml:"target" xml:"target"`
Command Cmd `json:"command,omitempty" yaml:"command" xml:"command"`
Protocol InvertableString `json:"protocol,omitempty" yaml:"protocol" xml:"protocol"`
Source InvertableString `json:"source,omitempty" yaml:"source" xml:"source"`
Destination InvertableString `json:"destination,omitempty" yaml:"destination" xml:"destination"`
SourcePort InvertableString `json:"source_port,omitempty" yaml:"source_port" xml:"source_port"`
DestinationPort InvertableString `json:"destination_port,omitempty" yaml:"destination_port" xml:"destination_port"`
InputInterface InvertableString `json:"input_interface,omitempty" yaml:"input_interface" xml:"input_interface"`
OutputInterface InvertableString `json:"output_interface,omitempty" yaml:"output_interface" xml:"output_interface"`
Counters CounterValues `json:"counters,omitempty" yaml:"counters" xml:"counters"`
ViewOnly bool `json:"view_only,omitempty" yaml:"view_only" xml:"view_only"`
RuleNumber int `json:"rule_number,omitempty" yaml:"rule_number" xml:"rule_number"`
Debug bool `json:"debug,omitempty" yaml:"debug" xml:"debug"`
Valid bool `json:"valid,omitempty" yaml:"valid" xml:"valid"`
Applied bool `json:"applied,omitempty" yaml:"applied" xml:"applied"`
IpVersion IPVer `json:"ip_version,omitempty" yaml:"ip_version" xml:"ip_version"`
}
Rule represents a rule which can be added to or removed from iptables.
type RuleLocation ¶
func FindRuleByApp ¶
func FindRuleByApp(app string) (location *RuleLocation, err error)
func FindRuleByComment ¶
func FindRuleByComment(comment string) (location *RuleLocation, err error)
func FindRuleByCommentWithPrefix ¶
func FindRuleByCommentWithPrefix(comment string, prefix *string) (location *RuleLocation, err error)
func FindRuleById ¶
func FindRuleById(id string) (location *RuleLocation, err error)
func FindRuleByName ¶
func FindRuleByName(name string) (location *RuleLocation, err error)
type TargetBalance ¶
type TargetBalance struct {
StartingIpAddress string `json:"starting_ip_address" yaml:"starting_ip_address" xml:"starting_ip_address"`
EndingIpAddress string `json:"ending_ip_address" yaml:"ending_ip_address" xml:"ending_ip_address"`
}
func (TargetBalance) String ¶
func (t TargetBalance) String() string
func (TargetBalance) Validate ¶
func (t TargetBalance) Validate(rule Rule) error
type TargetClassify ¶
type TargetClassify struct {
Major int `json:"major" yaml:"major" xml:"major"`
Minor int `json:"minor" yaml:"minor" xml:"minor"`
}
func (TargetClassify) String ¶
func (t TargetClassify) String() string
func (TargetClassify) Validate ¶
func (t TargetClassify) Validate(rule Rule) error
type TargetConnMark ¶
type TargetConnMark struct {
MarkType ConnMarkType `json:"mark_type" yaml:"mark_type" xml:"mark_type"`
Value int `json:"value" yaml:"value" xml:"value"`
}
func (TargetConnMark) String ¶
func (t TargetConnMark) String() string
func (TargetConnMark) Validate ¶
func (t TargetConnMark) Validate(rule Rule) error
Returns if the target is valid when applied with the specified rule
type TargetDNat ¶
type TargetDNat struct {
DestinationIp string `json:"destination_ip" yaml:"destination_ip" xml:"destination_ip"`
DestinationIpRange string `json:"destination_ip_range" yaml:"destination_ip_range" xml:"destination_ip_range"`
DestinationPort string `json:"destination_port" yaml:"destination_port" xml:"destination_port"`
DestinationPortRange string `json:"destination_port_range" yaml:"destination_port_range" xml:"destination_port_range"`
}
func (TargetDNat) String ¶
func (t TargetDNat) String() string
func (TargetDNat) Validate ¶
func (t TargetDNat) Validate(rule Rule) error
Returns if the target is valid when applied with the specified rule
type TargetDSCP ¶
type TargetDSCP struct {
Value int `json:"value" yaml:"value" xml:"value"`
}
func (TargetDSCP) String ¶
func (t TargetDSCP) String() string
func (TargetDSCP) Validate ¶
func (t TargetDSCP) Validate(rule Rule) error
Returns if the target is valid when applied with the specified rule
type TargetDSCPClass ¶
type TargetDSCPClass struct {
Class string `json:"class" yaml:"class" xml:"class"`
}
func (TargetDSCPClass) String ¶
func (t TargetDSCPClass) String() string
func (TargetDSCPClass) Valid ¶
func (t TargetDSCPClass) Valid(rule Rule) bool
Returns if the target is valid when applied with the specified rule
type TargetGoto ¶
type TargetGoto struct {
Value string `json:"value" yaml:"value" xml:"value"`
}
func (TargetGoto) String ¶
func (t TargetGoto) String() string
func (TargetGoto) Validate ¶
func (t TargetGoto) Validate(rule Rule) error
Returns if the target is valid when applied with the specified rule
type TargetJump ¶
type TargetJump struct {
Value string `json:"value" yaml:"value" xml:"value"`
}
func (TargetJump) String ¶
func (t TargetJump) String() string
func (TargetJump) Validate ¶
func (t TargetJump) Validate(rule Rule) error
Returns if the target is valid when applied with the specified rule
type TargetSNat ¶
type TargetSNat struct {
SourceIp string `json:"source_ip" yaml:"source_ip" xml:"source_ip"`
SourceIpRange string `json:"source_ip_range" yaml:"source_ip_range" xml:"source_ip_range"`
SourcePort string `json:"source_port" yaml:"source_port" xml:"source_port"`
SourcePortRange string `json:"source_port_range" yaml:"source_port_range" xml:"source_port_range"`
}
func (TargetSNat) String ¶
func (t TargetSNat) String() string
func (TargetSNat) Validate ¶
func (t TargetSNat) Validate(rule Rule) error
Returns if the target is valid when applied with the specified rule
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.