iptables

package
v0.0.0-...-2ec37ed
Published: Feb 11, 2024 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	// Name is the name that identifies this firewall
	Name = "iptables"
	// SystemRulePrefix prefix added to each system rule
	SystemRulePrefix = "opensnitch-filter"
)
const (
	ADD      = Action("-A")
	INSERT   = Action("-I")
	DELETE   = Action("-D")
	FLUSH    = Action("-F")
	NEWCHAIN = Action("-N")
	DELCHAIN = Action("-X")
	POLICY   = Action("-P")

	DROP   = Action("DROP")
	ACCEPT = Action("ACCEPT")
)

Actions we apply to the firewall.

Variables

This section is empty.

Functions

func IsAvailable

func IsAvailable() error

IsAvailable checks whether iptables is installed on the system. If it is not, we default to nftables.

Types

type Action

type Action string

Action is the modifier we apply to a rule.

type Iptables

type Iptables struct {
	common.Common
	config.Config

	sync.Mutex
	// contains filtered or unexported fields
}

Iptables struct holds the fields of the iptables fw

func Fw

func Fw() (*Iptables, error)

Fw initializes a new Iptables object

func (*Iptables) AddSystemRule

func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error)

AddSystemRule inserts a new rule.

func (*Iptables) AddSystemRules

func (ipt *Iptables) AddSystemRules(reload, backupExistingChains bool)

AddSystemRules creates the system firewall from configuration.

func (*Iptables) AreRulesLoaded

func (ipt *Iptables) AreRulesLoaded() bool

AreRulesLoaded checks if the firewall rules for intercept traffic are loaded.

func (*Iptables) CleanRules

func (ipt *Iptables) CleanRules(logErrors bool)

CleanRules deletes the rules we added.

func (*Iptables) ConfigureChainPolicy

func (ipt *Iptables) ConfigureChainPolicy(table, hook, policy string, logError bool)

ConfigureChainPolicy configures the policy of a chain.

func (*Iptables) CreateSystemRule

func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook string, logErrors bool) bool

CreateSystemRule creates the custom firewall chains and adds them to the system.

func (*Iptables) DeleteSystemRule

func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error)

DeleteSystemRule deletes an existing rule.

func (*Iptables) DeleteSystemRules

func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bool)

DeleteSystemRules deletes the system rules. If force is false and the rules have not previously been added, it won't try to delete them. Otherwise it will try to delete them.

func (*Iptables) Deserialize

func (ipt *Iptables) Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)

Deserialize converts a protobuf structure to JSON.

func (*Iptables) DisableInterception

func (ipt *Iptables) DisableInterception(logErrors bool)

DisableInterception removes firewall rules to intercept outbound connections.

func (*Iptables) EnableInterception

func (ipt *Iptables) EnableInterception()

EnableInterception adds fw rules to intercept connections.

func (*Iptables) Init

func (ipt *Iptables) Init(qNum *int, configPath, monitorInterval string)

Init inserts the firewall rules and starts monitoring for firewall changes.

func (*Iptables) Name

func (ipt *Iptables) Name() string

Name returns the firewall name

func (*Iptables) QueueConnections

func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error)

QueueConnections inserts the firewall rule which redirects connections to us. Connections are queued until the user denies or accepts them, or a timeout is reached. The rule is:
OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass

func (*Iptables) QueueDNSResponses

func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error)

QueueDNSResponses redirects DNS responses to us, in order to keep a cache of resolved domains. The rule is:
INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass

func (*Iptables) RunRule

func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error)

RunRule inserts or deletes a firewall rule.

func (*Iptables) Serialize

func (ipt *Iptables) Serialize() (*protocol.SysFirewall, error)

Serialize converts the configuration from JSON to protobuf.

func (*Iptables) Stop

func (ipt *Iptables) Stop()

Stop deletes the firewall rules, allowing network traffic.

type SystemChains

type SystemChains struct {
	Rules map[string]*SystemRule
	sync.RWMutex
}

SystemChains keeps track of the fw rules that have been added to the system.

type SystemRule

type SystemRule struct {
	Rule  *config.FwRule
	Table string
	Chain string
}

SystemRule holds a firewall rule together with the table and chain it was added to.
