Documentation
Constants
const (
	Input iptablesChain = iota
	Output = iota
)
Variables
This section is empty.
Functions
func AreIP6TablesSupported
func AreIP6TablesSupported() bool
nolint:unused // Will be used once FirewallManager is integrated
Types
type CommandRunner
CommandRunner is an abstraction over Linux command execution.
type ExecCommandRunner
type ExecCommandRunner struct { }
ExecCommandRunner is an implementation of CommandRunner that executes commands with Exec calls.
nolint:unused // Will be used once FirewallManager is integrated
func (ExecCommandRunner) RunCommand
func (ExecCommandRunner) RunCommand(command string, args string) (string, error)
nolint:unused // Will be used once FirewallManager is integrated
type FwRule
type FwRule struct {
// contains filtered or unexported fields
}
func NewFwRule
func NewFwRule(chain iptablesChain, version IpVersion, params string, priority RulePriority) FwRule
NewFwRule returns a new representation of iptables rule.
Args:
chain - chain in which the rule should be inserted
version - version of the iptables command which should be used to execute the rule; can be ipv4, ipv6 or both
params - rest of the params; these need to be valid iptables command arguments separated by spaces
priority - priority at which the rule should be inserted
func (FwRule) ToDeleteCommand
func (FwRule) ToInsertAppendCommand
ToInsertAppendCommand returns the FwRule converted to an insert command (-I <CHAIN> <ARGS>), or to an append command if index is -1.
type IPTablesManager
type IPTablesManager struct {
// contains filtered or unexported fields
}
IPTablesManager manages priority and execution of firewall rules with iptables.
func NewIPTablesManager
func NewIPTablesManager(cmdRunner CommandRunner, enabled bool, ip6tablesSupported bool) IPTablesManager
func (IPTablesManager) DeleteRule
func (i IPTablesManager) DeleteRule(rule FwRule) error
func (IPTablesManager) InsertRule
func (i IPTablesManager) InsertRule(rule FwRule) error
type IpVersion
type IpVersion int
IpVersion determines which version of the iptables command should be used, i.e. iptables, ip6tables, or both.
type RulePriority
type RulePriority int
RulePriority determines the line in iptables where a rule should be inserted. In iptables, rules are numbered in descending order of precedence: a rule with a lower line number takes precedence over the rules that follow it. A higher priority results in a lower line number.
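The ordering described for RulePriority, together with the -1 append case of ToInsertAppendCommand, sketched as an added example that is not this package's code. The names modelRule, insertIndex, buildArgs and insert are hypothetical, and the index calculation and tie-breaking are assumptions about one way to keep higher priorities on lower line numbers.

```go
package main

import (
	"fmt"
	"strings"
)

// modelRule is a hypothetical stand-in for FwRule, whose real fields are unexported.
type modelRule struct{ params string; priority int }

// insertIndex returns the 1-based line for a new rule, or -1 for "append" (assumed algorithm).
func insertIndex(chain []modelRule, priority int) int {
	for i, r := range chain {
		if r.priority < priority { // first strictly lower priority; ties stay in arrival order
			return i + 1
		}
	}
	return -1
}

// buildArgs renders one argv element per token, so params never pass through a shell.
func buildArgs(chainName string, index int, params string) []string {
	args := []string{"-A", chainName}
	if index != -1 {
		args = []string{"-I", chainName, fmt.Sprint(index)}
	}
	return append(args, strings.Fields(params)...)
}

// insert updates the in-memory chain model and returns the matching iptables arguments.
func insert(chain []modelRule, chainName string, r modelRule) ([]modelRule, []string) {
	idx := insertIndex(chain, r.priority)
	args := buildArgs(chainName, idx, r.params)
	if idx == -1 {
		return append(chain, r), args
	}
	out := append(append(append([]modelRule{}, chain[:idx-1]...), r), chain[idx-1:]...)
	return out, args
}

func main() {
	var chain []modelRule
	for _, r := range []modelRule{ // constructed sample rules
		{"-p tcp --dport 22 -j ACCEPT", 1}, {"-j DROP", 0}, {"-s 192.0.2.10 -j DROP", 2},
	} {
		var args []string
		chain, args = insert(chain, "INPUT", r)
		fmt.Println("iptables", strings.Join(args, " "))
	}
}
```

In this model the catch-all DROP at priority 0 stays on the last line however late the higher-priority rules arrive, which is what keeps an ACCEPT from being shadowed by an earlier-inserted deny.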