package iptables

import "github.com/docker/libnetwork/iptables"

Index

Constants 

const (
	// Append appends the rule at the end of the chain.
	Append Action = "-A"
	// Delete deletes the rule from the chain.
	Delete Action = "-D"
	// Insert inserts the rule at the top of the chain.
	Insert Action = "-I"
	// Nat table is used for nat translation rules.
	Nat Table = "nat"
	// Filter table is used for filter rules.
	Filter Table = "filter"
	// Mangle table is used for mangling the packet.
	Mangle Table = "mangle"
)

Variables 

var (

	// ErrIptablesNotFound is returned when the rule is not found.
	ErrIptablesNotFound = errors.New("Iptables not found")
)

Functions

func ExistChain 

func ExistChain(chain string, table Table) bool

ExistChain checks if a chain exists

func Exists 

func Exists(table Table, chain string, rule ...string) bool

Exists checks if a rule exists

func FirewalldInit 

func FirewalldInit() error

FirewalldInit initializes firewalld management code.

func OnReloaded 

func OnReloaded(callback func())

OnReloaded add callback

func Passthrough 

func Passthrough(ipv IPV, args ...string) ([]byte, error)

Passthrough method simply passes args through to iptables/ip6tables

func ProgramChain 

func ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) error

ProgramChain is used to add rules to a chain

func Raw 

func Raw(args ...string) ([]byte, error)

Raw calls 'iptables' system command, passing supplied arguments.

func RawCombinedOutput 

func RawCombinedOutput(args ...string) error

RawCombinedOutput inernally calls the Raw function and returns a non nil error if Raw returned a non nil error or a non empty output

func RemoveExistingChain 

func RemoveExistingChain(name string, table Table) error

RemoveExistingChain removes existing chain from the table.

Types

type Action 

type Action string

Action signifies the iptable action.

type ChainError 

type ChainError struct {
	Chain  string
	Output []byte
}

ChainError is returned to represent errors during ip table operation.

func (ChainError) Error 

func (e ChainError) Error() string

type ChainInfo 

type ChainInfo struct {
	Name        string
	Table       Table
	HairpinMode bool
}

ChainInfo defines the iptables chain.

func NewChain 

func NewChain(name string, table Table, hairpinMode bool) (*ChainInfo, error)

NewChain adds a new chain to ip table.

func (*ChainInfo) Forward 

func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr string, destPort int, bridgeName string) error

Forward adds forwarding rule to 'filter' table and corresponding nat rule to 'nat' table. 

func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error

Link adds reciprocal ACCEPT rule for two supplied IP addresses. Traffic is allowed from ip1 to ip2 and vice-versa

func (*ChainInfo) Output 

func (c *ChainInfo) Output(action Action, args ...string) error

Output adds linking rule to an OUTPUT chain.

func (*ChainInfo) Prerouting 

func (c *ChainInfo) Prerouting(action Action, args ...string) error

Prerouting adds linking rule to nat/PREROUTING chain.

func (*ChainInfo) Remove 

func (c *ChainInfo) Remove() error

Remove removes the chain.

type Conn 

type Conn struct {
	// contains filtered or unexported fields
}

Conn is a connection to firewalld dbus endpoint.

type IPV 

type IPV string

IPV defines the table string 

const (
	// Iptables point ipv4 table
	Iptables IPV = "ipv4"
	// IP6Tables point to ipv6 table
	IP6Tables IPV = "ipv6"
	// Ebtables point to bridge table
	Ebtables IPV = "eb"
)

type Table 

type Table string

Table refers to Nat, Filter or Mangle.

Source Files

firewalld.go iptables.go

Version
v0.5.6 (latest)
Published
Jan 15, 2016
Platform
linux/amd64
Imports
9 packages
Last checked
10 hours ago

Tools for package owners.