Documentation
Overview
Package config provides functionality to load and monitor the system firewall rules. It's inherited by the different firewall packages (iptables, nftables).
The firewall rules defined by the user are reloaded in these cases:
- When the file system-fw.json changes.
- When the firewall rules are not present when listing them.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	SysConfig SystemConfig
	sync.Mutex
	// contains filtered or unexported fields
}
Config holds the functionality to re/load the firewall configuration from disk. This is the configuration to manage the system firewall (iptables, nftables).
func (*Config) LoadDiskConfiguration
LoadDiskConfiguration reads and loads the firewall configuration from disk.
func (*Config) NewSystemFwConfig
NewSystemFwConfig initializes config fields.
func (*Config) SaveConfiguration
SaveConfiguration saves the configuration to disk. This event dispatches a reload of the configuration.
func (*Config) SetConfigFile
SetConfigFile sets the absolute path to the configuration file to use. If it's empty, it'll be ignored (when changing the fw type, for example).
func (*Config) StopConfigWatcher
func (c *Config) StopConfigWatcher()
StopConfigWatcher stops the configuration watcher and stops the subroutine.
type ExprStatement
type ExprStatement struct {
	Op     string        // ==, !=, ... Only one per expression set.
	Name   string        // tcp, udp, ct, daddr, log, ...
	Values []*ExprValues // dport 8000
}
ExprStatement holds the definition of matches to use against connections.
{
	"Op": "!=",
	"Name": "tcp",
	"Values": [
		{ "Key": "dport", "Value": "443" }
	]
}
type ExprValues
ExprValues holds the statements' options:
	"Name": "ct",
	"Values": [
		{ "Key": "state", "Value": "established" },
		{ "Key": "state", "Value": "related" }
	]
type Expressions
type Expressions struct {
Statement *ExprStatement
}
Expressions holds the array of expressions that create the rules.
type FwChain
type FwChain struct {
	// table fields
	Table  string
	Family string
	// chain fields
	Name        string
	Description string
	Priority    string
	Type        string
	Hook        string
	Policy      string
	Rules       []*FwRule
}
FwChain holds the information that defines a firewall chain. It also contains the firewall table definition that it belongs to.
type FwRule
type FwRule struct {
	*sync.RWMutex
	// we need to keep old fields in the struct. Otherwise when receiving a conf
	// from the GUI, the legacy rules would be deleted.
	Chain      string // TODO: deprecated, remove
	Table      string // TODO: deprecated, remove
	Parameters string // TODO: deprecated, remove
	UUID             string
	Description      string
	Target           string
	TargetParameters string
	Expressions      []*Expressions
	Position         uint64 `json:",string"`
	Enabled          bool
}
FwRule holds the fields of a rule.