go-nftables-client/nft.go

package nft

import (
	"errors"
)

// NFT A client for working with nftables
type NFT interface {
	// Clear clears all rules.
	//
	// This command is equivalent to:
	//    nft flush ruleset
	Clear() error

	// AddTable adds a new table.
	//
	// This command is equivalent to:
	//     nft add table (ip|ip6|inet|arp|bridge) {name}
	AddTable(family FamilyType, name string) error

	// DeleteTable deletes a table.
	//
	// This command is equivalent to:
	//     nft delete table (ip|ip6|inet|arp|bridge) {name}
	DeleteTable(family FamilyType, name string) error

	// ClearTable clears all rules in a table.
	//
	// This command is equivalent to:
	//     nft flush table (ip|ip6|inet|arp|bridge) {name}
	ClearTable(family FamilyType, name string) error
}

type nft struct {
	path string
}

// New Returns a client for working with nftables.
// Searches for nft in paths: nft, /usr/sbin/nft, /sbin/nft
func New() (NFT, error) {
	paths := []string{"nft", "/usr/sbin/nft", "/sbin/nft"}
	for _, path := range paths {
		nftClient, err := NewWithPath(path)
		if err == nil {
			return nftClient, nil
		}
	}

	return nil, errors.New("nft not found")
}

// NewWithPath Returns the client for working with nftables with its path specified.
func NewWithPath(path string) (NFT, error) {
	if err := checkingNFT(path); err != nil {
		return nil, err
	}

	return &nft{
		path: path,
	}, nil
}

func (n *nft) Clear() error {
	args := []string{"flush", "ruleset"}
	return executeCommand(n.path, args...)
}

func (n *nft) AddTable(family FamilyType, name string) error {
	args := []string{"add", "table", family.String(), name}
	return executeCommand(n.path, args...)
}

func (n *nft) DeleteTable(family FamilyType, name string) error {
	args := []string{"delete", "table", family.String(), name}
	return executeCommand(n.path, args...)
}

func (n *nft) ClearTable(family FamilyType, name string) error {
	args := []string{"flush", "table", family.String(), name}
	return executeCommand(n.path, args...)
}