Add Batch API for building and executing batched nftables commands.
This commit is contained in:
@@ -0,0 +1,46 @@
|
||||
package batch
|
||||
|
||||
import (
|
||||
chain2 "git.kor-elf.net/kor-elf-shield/go-nftables-client/chain"
|
||||
"git.kor-elf.net/kor-elf-shield/go-nftables-client/family"
|
||||
)
|
||||
|
||||
// Chain for working with chains.
|
||||
type Chain interface {
|
||||
// Add adds a new chain.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft add chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name}
|
||||
// nft add chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ type (filter|route|nat) hook (ingress|prerouting|forward|input|output|postrouting|egress) priority (priority_value = int32) ;}'
|
||||
// nft add chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ type filter hook (forward|input|output) priority (priority_value = int32) ; policy (accept|drop) ;}'
|
||||
// nft add chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ type (filter|route|nat) hook (ingress|egress) device {device} priority (priority_value = int32) ;}'
|
||||
Add(family family.Type, tableName string, chainName string, baseChain chain2.ChainOptions) error
|
||||
|
||||
// Create creates a new chain.
|
||||
// Similar to the Add, but returns an error if the chain already exists.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft create chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name}
|
||||
// nft create chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ type (filter|route|nat) hook (ingress|prerouting|forward|input|output|postrouting|egress) priority (priority_value = int32) ;}'
|
||||
// nft create chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ type filter hook (forward|input|output) priority (priority_value = int32) ; policy (accept|drop) ;}'
|
||||
// nft create chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ type (filter|route|nat) hook (ingress|egress) device {device} priority (priority_value = int32) ;}'
|
||||
Create(family family.Type, tableName string, chainName string, baseChain chain2.ChainOptions) error
|
||||
|
||||
// Delete deletes a chain.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft delete chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name}
|
||||
Delete(family family.Type, tableName string, chainName string) error
|
||||
|
||||
// Clear clears all rules in a chain.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft flush chain (ip|ip6|inet|arp|bridge) {table_name} {chain_name}
|
||||
Clear(family family.Type, tableName string, chainName string) error
|
||||
|
||||
// Rename renames a chain.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft rename chain (ip|ip6|inet|arp|bridge) {table_name} {old_chain_name} {new_chain_name}
|
||||
Rename(family family.Type, tableName string, oldChainName string, newChainName string) error
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
package batch
|
||||
|
||||
import "git.kor-elf.net/kor-elf-shield/go-nftables-client/family"
|
||||
|
||||
// Rule is the interface for rule manipulation.
|
||||
type Rule interface {
|
||||
// Add adds a new rule.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft add rule (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ expr }'
|
||||
Add(family family.Type, tableName string, chainName string, expr ...string) error
|
||||
|
||||
// Insert inserts a new rule.
|
||||
// Inserted rules are placed at the beginning of the chain, by default.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft insert rule (ip|ip6|inet|arp|bridge) {table_name} {chain_name} '{ expr }'
|
||||
Insert(family family.Type, tableName string, chainName string, expr ...string) error
|
||||
|
||||
// Replace replaces a rule.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft replace rule (ip|ip6|inet|arp|bridge) {table_name} {chain_name} {handle} '{ expr }'
|
||||
Replace(family family.Type, tableName string, chainName string, handle uint64, expr ...string) error
|
||||
|
||||
// Delete deletes a rule.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft delete rule (ip|ip6|inet|arp|bridge) {table_name} {chain_name} {handle}
|
||||
Delete(family family.Type, tableName string, chainName string, handle uint64) error
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
package batch
|
||||
|
||||
import "git.kor-elf.net/kor-elf-shield/go-nftables-client/family"
|
||||
|
||||
// Table for working with tables.
|
||||
type Table interface {
|
||||
// AddTable adds a new table.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft add table (ip|ip6|inet|arp|bridge) {table_name}
|
||||
Add(family family.Type, tableName string) error
|
||||
|
||||
// DeleteTable deletes a table.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft delete table (ip|ip6|inet|arp|bridge) {table_name}
|
||||
Delete(family family.Type, tableName string) error
|
||||
|
||||
// ClearTable clears all rules in a table.
|
||||
//
|
||||
// This command is equivalent to:
|
||||
// nft flush table (ip|ip6|inet|arp|bridge) {table_name}
|
||||
Clear(family family.Type, tableName string) error
|
||||
}
|
||||
Reference in New Issue
Block a user