Documentation
Index
- Constants
- func IsAvailable() error
- type Action
- type Iptables
- func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error)
- func (ipt *Iptables) AddSystemRules(reload, backupExistingChains bool)
- func (ipt *Iptables) AreRulesLoaded() bool
- func (ipt *Iptables) CleanRules(logErrors bool)
- func (ipt *Iptables) ConfigureChainPolicy(table, hook, policy string, logError bool)
- func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook string, logErrors bool) bool
- func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error)
- func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bool)
- func (ipt *Iptables) Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)
- func (ipt *Iptables) DisableInterception(logErrors bool)
- func (ipt *Iptables) EnableInterception()
- func (ipt *Iptables) Init(qNum *int, configPath, monitorInterval string)
- func (ipt *Iptables) Name() string
- func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error)
- func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error)
- func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error)
- func (ipt *Iptables) Serialize() (*protocol.SysFirewall, error)
- func (ipt *Iptables) Stop()
- type SystemChains
- type SystemRule
Constants
    const (
        // Name is the name that identifies this firewall
        Name = "iptables"
        // SystemRulePrefix prefix added to each system rule
        SystemRulePrefix = "opensnitch-filter"
    )
    const (
        ADD      = Action("-A")
        INSERT   = Action("-I")
        DELETE   = Action("-D")
        FLUSH    = Action("-F")
        NEWCHAIN = Action("-N")
        DELCHAIN = Action("-X")
        POLICY   = Action("-P")
        DROP     = Action("DROP")
        ACCEPT   = Action("ACCEPT")
    )
Actions we apply to the firewall.
Variables
This section is empty.
Functions
func IsAvailable
    func IsAvailable() error
IsAvailable checks if iptables is installed in the system. If it's not, we'll default to nftables.
Types
type Iptables
    type Iptables struct {
        common.Common
        config.Config
        sync.Mutex
        // contains filtered or unexported fields
    }
Iptables struct holds the fields of the iptables fw.
func (*Iptables) AddSystemRule
    func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error)
AddSystemRule inserts a new rule.
func (*Iptables) AddSystemRules
    func (ipt *Iptables) AddSystemRules(reload, backupExistingChains bool)
AddSystemRules creates the system firewall from configuration.
func (*Iptables) AreRulesLoaded
    func (ipt *Iptables) AreRulesLoaded() bool
AreRulesLoaded checks whether the firewall rules that intercept traffic are loaded.
func (*Iptables) CleanRules
    func (ipt *Iptables) CleanRules(logErrors bool)
CleanRules deletes the rules we added.
func (*Iptables) ConfigureChainPolicy
    func (ipt *Iptables) ConfigureChainPolicy(table, hook, policy string, logError bool)
ConfigureChainPolicy configures a chain's policy.
func (*Iptables) CreateSystemRule
    func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook string, logErrors bool) bool
CreateSystemRule creates the custom firewall chains and adds them to the system.
func (*Iptables) DeleteSystemRule
    func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error)
DeleteSystemRule deletes a rule.
func (*Iptables) DeleteSystemRules
    func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bool)
DeleteSystemRules deletes the system rules. If force is false and the rules have not been previously added, it won't try to delete them. Otherwise it will try to delete them.
func (*Iptables) Deserialize
    func (ipt *Iptables) Deserialize(sysfw *protocol.SysFirewall) ([]byte, error)
Deserialize converts a protobuf structure to JSON.
func (*Iptables) DisableInterception
    func (ipt *Iptables) DisableInterception(logErrors bool)
DisableInterception removes the firewall rules that intercept outbound connections.
func (*Iptables) EnableInterception
    func (ipt *Iptables) EnableInterception()
EnableInterception adds fw rules to intercept connections.
func (*Iptables) QueueConnections
    func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error)
QueueConnections inserts the firewall rule which redirects connections to us. Connections are queued until the user denies/accepts them, or a timeout is reached.
    OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
func (*Iptables) QueueDNSResponses
    func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error)
QueueDNSResponses redirects DNS responses to us, in order to keep a cache of resolved domains.
    INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
func (*Iptables) RunRule
    func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error)
RunRule inserts or deletes a firewall rule.
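The two NFQUEUE rules documented under QueueConnections and QueueDNSResponses, and the enable/disable flow that RunRule drives for both IPv4 and IPv6, are easier to follow in code. The example below is added here and is not OpenSnitch's own code: the Firewall type, its DryRun field and the rule-builder functions are assumptions that mirror the page's method names, and in dry-run mode it only records the argv it would pass to iptables/ip6tables. One point worth seeing in the rules themselves: --queue-bypass makes the NFQUEUE target behave like ACCEPT whenever no userspace program is bound to the queue, so if the daemon is not running the rules fail open rather than blocking traffic.

```go
package main

import (
	"fmt"
	"os/exec"
	"strconv"
	"strings"
	"sync"
)

// Action is the iptables verb passed on the command line (same values as the page's Action).
type Action string

const (
	ADD    = Action("-A")
	INSERT = Action("-I")
	DELETE = Action("-D")
)

// Firewall is a hypothetical stand-in for the page's Iptables type. With DryRun set it
// records each argv instead of executing it; with DryRun false it really runs
// iptables/ip6tables, which needs root and the binaries installed.
type Firewall struct {
	DryRun   bool
	QueueNum int
	Calls    [][]string // every argv that was (or would have been) executed
	loaded   [][]string // rules currently installed, in insertion order (like SystemChains)
	sync.Mutex
}

func (fw *Firewall) invoke(bin string, args []string) error {
	argv := append([]string{bin}, args...)
	fw.Calls = append(fw.Calls, argv)
	if fw.DryRun {
		return nil
	}
	out, err := exec.Command(bin, args...).CombinedOutput()
	if err != nil {
		return fmt.Errorf("%s: %w: %s", strings.Join(argv, " "), err, out)
	}
	return nil
}

// RunRule applies action to rule on both the IPv4 and IPv6 tables and reports each result
// separately, matching the page's (err4, err6) signature. enable=false turns any add into a
// delete, so the same rule slice both installs and removes a rule.
func (fw *Firewall) RunRule(action Action, enable bool, rule []string) (err4, err6 error) {
	if !enable {
		action = DELETE
	}
	args := append([]string{string(action)}, rule...)
	err4 = fw.invoke("iptables", args)
	err6 = fw.invoke("ip6tables", args)
	return err4, err6
}

// QueueConnectionsRule is the page's OUTPUT rule: new and related connections are queued so
// the daemon can ask the user before the first packet leaves the host.
func QueueConnectionsRule(qNum int) []string {
	return []string{"OUTPUT", "-t", "mangle", "-m", "conntrack", "--ctstate", "NEW,RELATED",
		"-j", "NFQUEUE", "--queue-num", strconv.Itoa(qNum), "--queue-bypass"}
}

// QueueDNSResponsesRule is the page's INPUT rule: DNS answers are queued so the daemon can
// map destination IPs back to the names that were resolved.
func QueueDNSResponsesRule(qNum int) []string {
	return []string{"INPUT", "--protocol", "udp", "--sport", "53",
		"-j", "NFQUEUE", "--queue-num", strconv.Itoa(qNum), "--queue-bypass"}
}

// EnableInterception inserts both rules at the top of their chains and tracks them, so that
// DisableInterception later removes exactly what was added and nothing else.
func (fw *Firewall) EnableInterception() error {
	fw.Lock()
	defer fw.Unlock()
	for _, rule := range [][]string{QueueConnectionsRule(fw.QueueNum), QueueDNSResponsesRule(fw.QueueNum)} {
		if err4, err6 := fw.RunRule(INSERT, true, rule); err4 != nil || err6 != nil {
			return fmt.Errorf("enable interception: v4=%v v6=%v", err4, err6)
		}
		fw.loaded = append(fw.loaded, rule)
	}
	return nil
}

// DisableInterception deletes the tracked rules in reverse insertion order and forgets them.
func (fw *Firewall) DisableInterception() {
	fw.Lock()
	defer fw.Unlock()
	for i := len(fw.loaded) - 1; i >= 0; i-- {
		fw.RunRule(ADD, false, fw.loaded[i]) // enable=false => "-D"
	}
	fw.loaded = nil
}

// AreRulesLoaded reports whether interception rules are currently tracked as installed.
func (fw *Firewall) AreRulesLoaded() bool {
	fw.Lock()
	defer fw.Unlock()
	return len(fw.loaded) > 0
}

func main() {
	fw := &Firewall{DryRun: true, QueueNum: 0}
	_ = fw.EnableInterception()
	fw.DisableInterception()
	for _, argv := range fw.Calls {
		fmt.Println(strings.Join(argv, " "))
	}
}
```

Running main prints four insert lines followed by four delete lines, each rule once for iptables and once for ip6tables. Tracking the installed rules locally is what lets DeleteSystemRules(force=false) skip rules that were never added instead of producing spurious errors from the delete calls.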
type SystemChains
    type SystemChains struct {
        Rules map[string]*SystemRule
        sync.RWMutex
    }
SystemChains keeps track of the fw rules that have been added to the system.