Versions in this module Expand all Collapse all v0 v0.0.9 Feb 2, 2023 v0.0.8 Feb 3, 2023 v0.0.7 Feb 3, 2023 v0.0.6 Feb 3, 2023 v0.0.5 Feb 3, 2023 v0.0.4 Feb 3, 2023 v0.0.3 Feb 3, 2023 v0.0.2 Feb 3, 2023 v0.0.1 Feb 3, 2023 Changes in this version
+ const ChainDeleteTimeout
+ const ChainPolicyAccept
+ const ChainPolicyDrop
+ const ChainReadyTimeout
+ const MaxCommentLength
+ const NFT_ACCEPT
+ const NFT_DROP
+ var CTStateEstablished uint32 = 0x02000000
+ var CTStateInvalid uint32 = 0x01000000
+ var CTStateNew uint32 = 0x08000000
+ var CTStateRelated uint32 = 0x04000000
+ func GenSetKeyType(types ...nftables.SetDatatype) nftables.SetDatatype
+ func InitConn(netns ...int) *nftables.Conn
+ func IsNFTablesOn() bool
+ func L3Protocol(proto int) *uint32
+ func MakeConcatElement(keys []nftables.SetDatatype, vals []ElementValue, ra *RuleAction) (*nftables.SetElement, error)
+ func MakeElement(input *ElementValue) ([]nftables.SetElement, error)
+ func MakeRuleComment(s string) []byte
+ func SetPortList(ports []int) []*uint16
+ func SetPortRange(ports [2]int) [2]*uint16
+ type ChainAttributes struct
+ Device string
+ Hook *nftables.ChainHook
+ Policy *ChainPolicy
+ Priority *nftables.ChainPriority
+ Type nftables.ChainType
+ func (cha *ChainAttributes) Validate() error
+ type ChainFuncs interface
+ Chain func(name string) (RulesInterface, error)
+ Create func(name string, attributes *ChainAttributes) error
+ CreateImm func(name string, attributes *ChainAttributes) error
+ Delete func(name string) error
+ DeleteImm func(name string) error
+ Dump func() ([]byte, error)
+ Exist func(name string) bool
+ Get func() ([]string, error)
+ Sync func() error
+ type ChainPolicy uint32
+ type ChainsInterface interface
+ Chains func() ChainFuncs
+ type Concat struct
+ Elements []*ConcatElement
+ SetRef *SetRef
+ VMap bool
+ type ConcatElement struct
+ EMask []byte
+ EProto byte
+ ESource bool
+ EType nftables.SetDatatype
+ type Conntrack struct
+ Key uint32
+ Value []byte
+ type Counter struct
+ type Dynamic struct
+ Invert bool
+ Key uint32
+ Match MatchType
+ Op uint32
+ SetRef *SetRef
+ Timeout time.Duration
+ type ElementValue struct
+ Action *RuleAction
+ Addr string
+ AddrIP *string
+ EtherAddr []byte
+ IPAddr []byte
+ InetProto *byte
+ InetService *uint16
+ Integer *uint32
+ Mark *uint32
+ Port *uint16
+ type Fib struct
+ Data []byte
+ FlagDADDR bool
+ FlagIIF bool
+ FlagMARK bool
+ FlagOIF bool
+ FlagPRESENT bool
+ FlagSADDR bool
+ RelOp Operator
+ ResultADDRTYPE bool
+ ResultOIF bool
+ ResultOIFNAME bool
+ type IPAddr struct
+ CIDR bool
+ Mask *uint8
+ func NewIPAddr(addr string) (*IPAddr, error)
+ func (ip *IPAddr) IsIPv6() bool
+ func (ip *IPAddr) Validate() error
+ type IPAddrSpec struct
+ List []*IPAddr
+ Range [2]*IPAddr
+ RelOp Operator
+ SetRef *SetRef
+ func (ip *IPAddrSpec) Validate() error
+ type L3Rule struct
+ Counter *Counter
+ Dst *IPAddrSpec
+ Protocol *uint32
+ RelOp Operator
+ Src *IPAddrSpec
+ Version *byte
+ func (l3 *L3Rule) Validate() error
+ type L4Rule struct
+ Counter *Counter
+ Dst *Port
+ L4Proto uint8
+ RelOp Operator
+ Src *Port
+ func (l4 *L4Rule) Validate() error
+ type Log struct
+ Key uint32
+ Value []byte
+ func SetLog(key int, value []byte) (*Log, error)
+ type MatchAct struct
+ ActElement map[int]*RuleAction
+ Match MatchType
+ MatchRef *SetRef
+ type MatchType uint32
+ const MatchTypeL3Dst
+ const MatchTypeL3Src
+ const MatchTypeL4Dst
+ const MatchTypeL4Src
+ type Meta struct
+ Expr []MetaExpr
+ Mark *MetaMark
+ type MetaExpr struct
+ Key uint32
+ RelOp Operator
+ Value []byte
+ type MetaMark struct
+ Mask uint32
+ Set bool
+ Value uint32
+ type NATAttributes struct
+ FullyRandom bool
+ L3Addr [2]*IPAddr
+ Persistent bool
+ Port [2]uint16
+ Random bool
+ type NetNS interface
+ AddChain func(*nftables.Chain) *nftables.Chain
+ AddRule func(*nftables.Rule) *nftables.Rule
+ AddSet func(*nftables.Set, []nftables.SetElement) error
+ AddTable func(*nftables.Table) *nftables.Table
+ DelChain func(*nftables.Chain)
+ DelRule func(*nftables.Rule) error
+ DelSet func(*nftables.Set)
+ DelTable func(*nftables.Table)
+ Flush func() error
+ FlushRuleset func()
+ GetRule func(*nftables.Table, *nftables.Chain) ([]*nftables.Rule, error)
+ GetSetByName func(*nftables.Table, string) (*nftables.Set, error)
+ GetSetElements func(*nftables.Set) ([]nftables.SetElement, error)
+ GetSets func(*nftables.Table) ([]*nftables.Set, error)
+ InsertRule func(*nftables.Rule) *nftables.Rule
+ ListChains func() ([]*nftables.Chain, error)
+ ListTables func() ([]*nftables.Table, error)
+ ReplaceRule func(*nftables.Rule) *nftables.Rule
+ SetAddElements func(*nftables.Set, []nftables.SetElement) error
+ SetDeleteElements func(*nftables.Set, []nftables.SetElement) error
+ type Operator byte
+ const EQ
+ const NEQ
+ type Port struct
+ List []*uint16
+ Range [2]*uint16
+ RelOp Operator
+ SetRef *SetRef
+ func (p *Port) Validate() error
+ type Rule struct
+ Action *RuleAction
+ Concat *Concat
+ Conntracks []*Conntrack
+ Counter *Counter
+ Dynamic *Dynamic
+ Fib *Fib
+ L3 *L3Rule
+ L4 *L4Rule
+ Log *Log
+ MatchAct *MatchAct
+ Meta *Meta
+ Position int
+ RelOp Operator
+ UserData []byte
+ func (r Rule) Validate() error
+ type RuleAction struct
+ func SetDNAT(natAttrs *NATAttributes) (*RuleAction, error)
+ func SetLoadbalance(chains []string, action int, mode int) (*RuleAction, error)
+ func SetMasq(random, fullyRandom, persistent bool) (*RuleAction, error)
+ func SetMasqToPort(port ...int) (*RuleAction, error)
+ func SetRedirect(port int, tproxy bool) (*RuleAction, error)
+ func SetReject(rt int, rc int) (*RuleAction, error)
+ func SetSNAT(natAttrs *NATAttributes) (*RuleAction, error)
+ func SetVerdict(key int, chain ...string) (*RuleAction, error)
+ func (ra *RuleAction) Validate() error
+ type RuleFuncs interface
+ Create func(*Rule) (uint32, error)
+ CreateImm func(*Rule) (uint64, error)
+ Delete func(uint32) error
+ DeleteImm func(uint64) error
+ Dump func() ([]byte, error)
+ GetRuleHandle func(id uint32) (uint64, error)
+ GetRulesExpr func() (map[uint64][]expr.Any, error)
+ GetRulesUserData func() (map[uint64][]byte, error)
+ Insert func(*Rule) (uint32, error)
+ InsertImm func(*Rule) (uint64, error)
+ Sync func() error
+ Update func(*Rule, uint64) error
+ UpdateRulesHandle func() error
+ type RulesInterface interface
+ Rules func() RuleFuncs
+ type SetAttributes struct
+ Constant bool
+ DataType nftables.SetDatatype
+ HasTimeout bool
+ Interval bool
+ IsMap bool
+ KeyType nftables.SetDatatype
+ Name string
+ Timeout time.Duration
+ type SetFuncs interface
+ CreateSet func(*SetAttributes, []nftables.SetElement) (*nftables.Set, error)
+ DelSet func(string) error
+ GetSetByName func(string) (*nftables.Set, error)
+ GetSetElements func(string) ([]nftables.SetElement, error)
+ GetSets func() ([]*nftables.Set, error)
+ SetAddElements func(string, []nftables.SetElement) error
+ SetDelElements func(string, []nftables.SetElement) error
+ type SetRef struct
+ ID uint32
+ IsMap bool
+ Name string
+ type SetsInterface interface
+ Sets func() SetFuncs
+ type TableFuncs interface
+ Create func(name string, familyType nftables.TableFamily) error
+ CreateImm func(name string, familyType nftables.TableFamily) error
+ Delete func(name string, familyType nftables.TableFamily) error
+ DeleteImm func(name string, familyType nftables.TableFamily) error
+ Dump func() ([]byte, error)
+ Exist func(name string, familyType nftables.TableFamily) bool
+ Get func(familyType nftables.TableFamily) ([]string, error)
+ Sync func(familyType nftables.TableFamily) error
+ Table func(name string, familyType nftables.TableFamily) (ChainsInterface, error)
+ TableChains func(name string, familyType nftables.TableFamily) (ChainsInterface, error)
+ TableSets func(name string, familyType nftables.TableFamily) (SetsInterface, error)
+ type TablesInterface interface
+ Tables func() TableFuncs
+ func InitNFTables(conn NetNS) TablesInterface
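Review bot: The four conntrack state masks (`CTStateEstablished`, `CTStateInvalid`, `CTStateNew`, `CTStateRelated`) are exported as mutable package-level `var`s, so any importing package can reassign them and change which connection states every later-built firewall rule matches. Unless something takes their address, declare them as typed constants, e.g. `const CTStateEstablished uint32 = 0x02000000`. Their values look like the kernel's state bits already byte-swapped, so a doc comment stating the intended byte order would help. `InitConn(netns ...int) *nftables.Conn` has no error result, so a failure to open the netlink connection or enter the requested namespace presumably reaches callers only as a nil or unusable connection; a signature such as `func InitConn(netns ...int) (*nftables.Conn, error)` would let them fail closed. Only signatures are visible in this listing, so both points should be confirmed against the function bodies.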