mirror of
https://github.com/speatzle/nfsense.git
synced 2025-05-10 18:38:22 +00:00
rework rules
This commit is contained in:
parent
02da0168f3
commit
b09875fd85
9 changed files with 115 additions and 32 deletions
7
pkg/definitions/destination_nat.go
Normal file
7
pkg/definitions/destination_nat.go
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
package definitions
|
||||
|
||||
type DestinationNATRule struct {
|
||||
Rule
|
||||
Address string `json:"address,omitempty"`
|
||||
Service string `json:"service,omitempty"`
|
||||
}
|
||||
12
pkg/definitions/match.go
Normal file
12
pkg/definitions/match.go
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
package definitions
|
||||
|
||||
import "fmt"
|
||||
|
||||
type Match struct {
|
||||
TCPDestinationPort uint64 `json:"tcp_destination_port,omitempty"`
|
||||
Service []string `json:"service,omitempty"`
|
||||
}
|
||||
|
||||
func (m Match) Nftables() string {
|
||||
return fmt.Sprintf("tcp dport %d", m.TCPDestinationPort)
|
||||
}
|
||||
49
pkg/definitions/rule.go
Normal file
49
pkg/definitions/rule.go
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
package definitions
|
||||
|
||||
import "encoding/json"
|
||||
|
||||
type Rule struct {
|
||||
Name string `json:"name"`
|
||||
Match Match `json:"match"`
|
||||
Comment string `json:"comment,omitempty"`
|
||||
Counter bool `json:"counter,omitempty"`
|
||||
}
|
||||
|
||||
type ForwardRule struct {
|
||||
Rule
|
||||
Verdict Verdict `json:"verdict"`
|
||||
}
|
||||
|
||||
type Verdict int
|
||||
|
||||
const (
|
||||
Accept Verdict = iota
|
||||
Drop
|
||||
Continue
|
||||
)
|
||||
|
||||
func (t Verdict) String() string {
|
||||
return [...]string{"accept", "drop", "continue"}[t]
|
||||
}
|
||||
|
||||
func (t *Verdict) FromString(input string) Verdict {
|
||||
return map[string]Verdict{
|
||||
"accept": Accept,
|
||||
"drop": Drop,
|
||||
"continue": Continue,
|
||||
}[input]
|
||||
}
|
||||
|
||||
func (t Verdict) MarshalJSON() ([]byte, error) {
|
||||
return json.Marshal(t.String())
|
||||
}
|
||||
|
||||
func (t *Verdict) UnmarshalJSON(b []byte) error {
|
||||
var s string
|
||||
err := json.Unmarshal(b, &s)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*t = t.FromString(s)
|
||||
return nil
|
||||
}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
package definitions
|
||||
|
||||
type Rule struct {
|
||||
Match RuleMatch `json:"match"`
|
||||
Comment string `json:"comment"`
|
||||
Counter bool `json:"counter"`
|
||||
}
|
||||
|
||||
type RuleMatch struct {
|
||||
TCPDestinationPort uint64 `json:"tcp_destination_port"`
|
||||
}
|
||||
|
||||
type ForwardRule struct {
|
||||
Rule
|
||||
}
|
||||
|
||||
type DestinationNATRule struct {
|
||||
Rule
|
||||
}
|
||||
|
||||
type SourceNATRule struct {
|
||||
Rule
|
||||
}
|
||||
42
pkg/definitions/source_nat.go
Normal file
42
pkg/definitions/source_nat.go
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
package definitions
|
||||
|
||||
import "encoding/json"
|
||||
|
||||
type SourceNATRule struct {
|
||||
Rule
|
||||
Type SnatType `json:"type"`
|
||||
Address string `json:"address,omitempty"`
|
||||
Service string `json:"service,omitempty"`
|
||||
}
|
||||
|
||||
type SnatType int
|
||||
|
||||
const (
|
||||
Snat SnatType = iota
|
||||
Masquerade
|
||||
)
|
||||
|
||||
func (t SnatType) String() string {
|
||||
return [...]string{"snat", "masquerade"}[t]
|
||||
}
|
||||
|
||||
func (t *SnatType) FromString(input string) SnatType {
|
||||
return map[string]SnatType{
|
||||
"snat": Snat,
|
||||
"masquerade": Masquerade,
|
||||
}[input]
|
||||
}
|
||||
|
||||
func (t SnatType) MarshalJSON() ([]byte, error) {
|
||||
return json.Marshal(t.String())
|
||||
}
|
||||
|
||||
func (t *SnatType) UnmarshalJSON(b []byte) error {
|
||||
var s string
|
||||
err := json.Unmarshal(b, &s)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*t = t.FromString(s)
|
||||
return nil
|
||||
}
|
||||
|
|
@ -1,3 +1,2 @@
|
|||
{{range $rule := .Netfilter.DestinationNATRules}}
|
||||
{{template "rule_match.tmpl" .Match}} {{ if $rule.Counter }} counter {{ end }} {{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}" {{ end }}
|
||||
{{end}}
|
||||
{{ range $rule := .Netfilter.DestinationNATRules }}
|
||||
{{ .Match.Nftables }}{{ if $rule.Counter }} counter{{ end }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}
|
||||
|
|
@ -1,3 +1,2 @@
|
|||
{{range $rule := .Netfilter.ForwardRules}}
|
||||
{{template "rule_match.tmpl" .Match}} {{ if $rule.Counter }} counter {{ end }} {{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}" {{ end }}
|
||||
{{end}}
|
||||
{{ .Match.Nftables }}{{ if $rule.Counter }} counter{{ end }} {{ $rule.Verdict.String }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
tcp dport {{ .TCPDestinationPort }}
|
||||
|
|
@ -1,3 +1,2 @@
|
|||
{{range $rule := .Netfilter.SourceNATRules}}
|
||||
{{template "rule_match.tmpl" .Match}} {{ if $rule.Counter }} counter {{ end }} {{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}" {{ end }}
|
||||
{{end}}
|
||||
{{ range $rule := .Netfilter.SourceNATRules }}
|
||||
{{ .Match.Nftables }}{{ if $rule.Counter }} counter{{ end }}{{ if ne $rule.Comment "" }} comment "{{ $rule.Comment }}"{{ end }}{{ end }}
|
||||
Loading…
Add table
Reference in a new issue