config

package
v0.0.0-...-2ec37ed Latest
Warning

This package is not in the latest version of its module.

Published: Feb 11, 2024 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package config provides functionality to load and monitor the system firewall rules. It's inherited by the different firewall packages (iptables, nftables).

The firewall rules defined by the user are reloaded in these cases:
- When the file system-fw.json changes.
- When the firewall rules are not present when listing them.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	SysConfig SystemConfig
	sync.Mutex
	// contains filtered or unexported fields
}

Config holds the functionality to re/load the firewall configuration from disk. This is the configuration to manage the system firewall (iptables, nftables).

func (*Config) LoadDiskConfiguration

func (c *Config) LoadDiskConfiguration(reload bool) error

LoadDiskConfiguration reads and loads the firewall configuration from disk.

func (*Config) NewSystemFwConfig

func (c *Config) NewSystemFwConfig(configPath string, preLoadCb, reLoadCb func()) (*Config, error)

NewSystemFwConfig initializes config fields.

func (*Config) SaveConfiguration

func (c *Config) SaveConfiguration(rawConfig string) error

SaveConfiguration saves configuration to disk. This event dispatches a reload of the configuration.

func (*Config) SetConfigFile

func (c *Config) SetConfigFile(file string)

SetConfigFile sets the absolute path to the configuration file to use. If it's empty, it'll be ignored (when changing the fw type for example).

func (*Config) StopConfigWatcher

func (c *Config) StopConfigWatcher()

StopConfigWatcher stops the configuration watcher and stops the subroutine.

type ExprStatement

type ExprStatement struct {
	Op     string        // ==, !=, ... Only one per expression set.
	Name   string        // tcp, udp, ct, daddr, log, ...
	Values []*ExprValues // dport 8000
}

ExprStatement holds the definition of matches to use against connections.

{
	"Op": "!=",
	"Name": "tcp",
	"Values": [
		{
			"Key": "dport",
			"Value": "443"
		}
	]
}

type ExprValues

type ExprValues struct {
	Key   string
	Value string
}

ExprValues holds the statements' options:

"Name": "ct",
"Values": [
	{
		"Key": "state",
		"Value": "established"
	},
	{
		"Key": "state",
		"Value": "related"
	}
]

type Expressions

type Expressions struct {
	Statement *ExprStatement
}

Expressions holds the array of expressions that create the rules.

type FwChain

type FwChain struct {
	// table fields
	Table  string
	Family string
	// chain fields
	Name        string
	Description string
	Priority    string
	Type        string
	Hook        string
	Policy      string
	Rules       []*FwRule
}

FwChain holds the information that defines a firewall chain. It also contains the firewall table definition that it belongs to.

func (*FwChain) IsInvalid

func (fc *FwChain) IsInvalid() bool

IsInvalid checks if the chain has been correctly configured.

type FwRule

type FwRule struct {
	*sync.RWMutex
	// we need to keep old fields in the struct. Otherwise when receiving a conf from the GUI, the legacy rules would be deleted.
	Chain            string // TODO: deprecated, remove
	Table            string // TODO: deprecated, remove
	Parameters       string // TODO: deprecated, remove
	UUID             string
	Description      string
	Target           string
	TargetParameters string
	Expressions      []*Expressions
	Position         uint64 `json:",string"`
	Enabled          bool
}

FwRule holds the fields of a rule.
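
An added example, not part of the package or its documentation: it decodes a constructed chain using local copies of the types shown above and flags enabled rules that accept traffic without any match statement, the kind of entry worth reviewing before a configuration is saved. The helper name, the sample JSON and the "accept"/"drop" values are assumptions made for illustration; because of the `json:",string"` tag, Position has to be a quoted number in the JSON or decoding fails.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local copies of the documented types, trimmed to the fields used (mutexes omitted).
type ExprValues struct{ Key, Value string }
type ExprStatement struct {
	Op, Name string
	Values   []*ExprValues
}
type Expressions struct{ Statement *ExprStatement }
type FwRule struct {
	UUID, Target string
	Expressions  []*Expressions
	Position     uint64 `json:",string"` // a quoted number in the JSON
	Enabled      bool
}
type FwChain struct{ Rules []*FwRule }
// sampleChain is constructed for this example, not copied from a real system-fw.json.
const sampleChain = `{"Name": "input", "Policy": "drop", "Rules": [
 {"UUID": "r1", "Enabled": true, "Position": "0", "Target": "accept", "Expressions": [
  {"Statement": {"Op": "==", "Name": "ct", "Values": [{"Key": "state", "Value": "established"}]}}]},
 {"UUID": "r2", "Enabled": true, "Position": "1", "Target": "accept", "Expressions": []},
 {"UUID": "r3", "Enabled": false, "Position": "2", "Target": "accept"}]}`

// unconditionalAccepts (hypothetical helper) lists enabled accept rules with no match statement.
func unconditionalAccepts(raw string) ([]string, error) {
	var chain FwChain
	if err := json.Unmarshal([]byte(raw), &chain); err != nil {
		return nil, err
	}
	var hits []string
rules:
	for _, r := range chain.Rules {
		if r == nil || !r.Enabled || r.Target != "accept" {
			continue
		}
		for _, e := range r.Expressions {
			if e != nil && e.Statement != nil && e.Statement.Name != "" {
				continue rules
			}
		}
		hits = append(hits, r.UUID)
	}
	return hits, nil
}

func main() { fmt.Println(unconditionalAccepts(sampleChain)) }
```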

type SystemConfig

type SystemConfig struct {
	SystemRules []*chainsList
	sync.RWMutex
	Version uint32
	Enabled bool
}

SystemConfig holds the list of rules to be added to the system.
