本文整理汇总了Golang中github.com/coreos/go-iptables/iptables.New函数的典型用法代码示例。如果您正苦于以下问题:Golang New函数的具体用法?Golang New怎么用?Golang New使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
示例1: unforwardPorts
// unforwardPorts tears down the port-forwarding rules installed for this
// pod: the jump rules in the nat PREROUTING and OUTPUT chains, then the
// per-pod chain itself. Only a failure to initialise iptables is reported;
// the individual iptables calls are best-effort (see below).
func (e *podEnv) unforwardPorts() error {
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	podChain := e.portFwdChain()
	jumpRule := e.portFwdRuleSpec(podChain)

	// go-iptables offers no clean way to ask whether a chain exists, or
	// whether a rule exists when its chain is absent, so every step below
	// deliberately drops its error: teardown must not fail just because
	// setup never completed.
	// TODO(eyakubovich): move to using libiptc for iptable manipulation
	for _, builtin := range []string{
		"PREROUTING", // outside traffic hitting this host
		"OUTPUT",     // traffic originating on this host
	} {
		_ = ipt.Delete("nat", builtin, jumpRule...)
	}

	// With the jump rules gone nothing should reference the pod chain,
	// so flush it and remove it.
	_ = ipt.ClearChain("nat", podChain)
	_ = ipt.DeleteChain("nat", podChain)
	return nil
}
示例2: UnBlockIP
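// UnBlockIP removes the rule BlockIP installed for ip: the rule in the
// filter table's INPUT chain that sends traffic from ip/32 to the LOGGING
// chain. It returns true when the rule was deleted and false when iptables
// could not be initialised or the delete failed (for example because no
// such rule exists). Failures are reported through the package's log helper.
//
// ip is expected to be a single IPv4 address literal. It is handed to
// iptables verbatim with "/32" appended, so a malformed value (or an IPv6
// address) is rejected by the iptables call rather than validated here;
// callers taking ip from untrusted input should validate it first.
func UnBlockIP(ip string) bool {
	// Chain layout mirrors BlockIP: source chain INPUT, jump target LOGGING.
	sChain := "INPUT"
	dChain := "LOGGING"

	ipt, err := iptables.New()
	if err != nil {
		log(fmt.Sprintf("Failed to new up an IPtables intance. ERROR: %v", err))
		return false
	}

	// Match exactly one host.
	ipstr := fmt.Sprintf("%s%s", ip, "/32")

	// Delete the rule BlockIP added; a missing rule surfaces as an error.
	err = ipt.Delete("filter", sChain, "-s", ipstr, "-j", dChain)
	if err != nil {
		// Fix: the message previously said "ban", which sends whoever reads
		// the log looking at the wrong operation when an unblock fails.
		log(fmt.Sprintf("Failed to unban an ip(%v). ERROR: %v", ipstr, err))
		return false
	}
	return true
}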
示例3: unforwardPorts
// unforwardPorts removes the DNAT/SNAT port-forwarding setup for this pod:
// the jump rules in the nat POSTROUTING, PREROUTING and OUTPUT chains and
// the two per-pod chains. Individual iptables failures are ignored on
// purpose so teardown also works after a partial setup; only a failure to
// initialise iptables is returned.
func (e *podEnv) unforwardPorts() error {
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	dnatChain := e.portFwdChain("DNAT")
	snatChain := e.portFwdChain("SNAT")
	dnatJump := e.portFwdChainRuleSpec(dnatChain, "DNAT")
	snatJump := e.portFwdChainRuleSpec(snatChain, "SNAT")

	// There is no clean way to test whether a chain exists, or whether a
	// rule exists when its chain is absent, so errors are swallowed here.
	// TODO(eyakubovich): move to using libiptc for iptable manipulation
	type jump struct {
		builtin string
		rule    []string
	}
	jumps := []jump{
		{"POSTROUTING", snatJump}, // traffic originating on this host
		{"PREROUTING", dnatJump},  // outside traffic hitting this host
		{"OUTPUT", dnatJump},      // traffic originating on this host
	}
	for _, j := range jumps {
		_ = ipt.Delete("nat", j.builtin, j.rule...)
	}

	// Nothing should reference the per-pod chains any more: flush and delete.
	for _, c := range []string{dnatChain, snatChain} {
		_ = ipt.ClearChain("nat", c)
		_ = ipt.DeleteChain("nat", c)
	}
	return nil
}
示例4: init
// init prepares the package-level state: the tunnel registries, the
// iptables handle and the pinger, then configuration and logging.
//
// NOTE(review): the error from iptables.New is discarded, so ipt is left
// nil when iptables cannot be used; any later method call on it will most
// likely panic rather than fail cleanly. Callers of ipt should check for
// nil, or this should fail loudly here.
func init() {
	tunnels, ip2tunnel = make(map[string]*TunnelInfo), make(map[string]string)
	ipt, _ = iptables.New() // error intentionally ignored; see note above
	pin = fastping.NewPinger()

	// Keep this order: config is loaded before the logger is initialised
	// (presumably the logger reads its settings from config — confirm).
	initConfig()
	readConfig()
	initLogger()
}
示例5: DetachContainer
// DetachContainer releases the addresses in cidrs from interface ifName
// inside network namespace ns and drops the matching multicast ACCEPT
// rules from the filter INPUT chain. When the interface is left with no
// IPv4 address at all, its multicast DROP rule is removed and the
// interface itself is deleted. id is currently unused.
func DetachContainer(ns netns.NsHandle, id, ifName string, cidrs []*net.IPNet) error {
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	// isMulticastAccept reports whether a listed rule is one of the
	// "-A INPUT -s <subnet> -d 224.0.0.0/4 -i <ifName> -j ACCEPT" rules
	// managed here, returning the subnet when it is.
	isMulticastAccept := func(fields []string) (string, bool) {
		if len(fields) != 10 {
			return "", false
		}
		ok := fields[0] == "-A" &&
			fields[2] == "-s" &&
			fields[4] == "-d" && fields[5] == "224.0.0.0/4" &&
			fields[6] == "-i" && fields[7] == ifName &&
			fields[8] == "-j" && fields[9] == "ACCEPT"
		return fields[3], ok
	}

	return WithNetNSLinkUnsafe(ns, ifName, func(veth netlink.Link) error {
		// Drop every requested address that is actually configured.
		current, err := netlink.AddrList(veth, netlink.FAMILY_V4)
		if err != nil {
			return fmt.Errorf("failed to get IP address for %q: %v", veth.Attrs().Name, err)
		}
		for _, cidr := range cidrs {
			if !contains(current, cidr) {
				continue
			}
			if err := netlink.AddrDel(veth, &netlink.Addr{IPNet: cidr}); err != nil {
				return fmt.Errorf("failed to remove IP address from %q: %v", veth.Attrs().Name, err)
			}
		}

		// Re-read what is left so the rule cleanup below matches reality.
		remaining, err := netlink.AddrList(veth, netlink.FAMILY_V4)
		if err != nil {
			return fmt.Errorf("failed to get IP address for %q: %v", veth.Attrs().Name, err)
		}

		// Multicast ACCEPT rules for subnets we no longer hold an address in
		// are removed; rules for subnets still in use stay.
		keep := subnets(remaining)
		rules, err := ipt.List("filter", "INPUT")
		if err != nil {
			return err
		}
		for _, rule := range rules {
			fields := strings.Split(rule, " ")
			subnet, ok := isMulticastAccept(fields)
			if !ok {
				continue
			}
			if _, inUse := keep[subnet]; inUse {
				continue
			}
			// fields[2:] is the rule spec without the "-A INPUT" prefix.
			if err := ipt.Delete("filter", "INPUT", fields[2:]...); err != nil {
				return err
			}
		}

		// All addresses gone: remove the interface's multicast DROP rule and
		// then the interface. A missing DROP rule aborts before LinkDel.
		if len(remaining) == 0 {
			if err := ipt.Delete("filter", "INPUT", "-i", ifName, "-d", "224.0.0.0/4", "-j", "DROP"); err != nil {
				return err
			}
			if err := netlink.LinkDel(veth); err != nil {
				return err
			}
		}
		return nil
	})
}
示例6: TestBlockAndUnblock
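// TestBlockAndUnblock exercises BlockIP and UnBlockIP end to end against
// the live iptables configuration. It needs root and a working iptables
// binary, and it mutates the real INPUT chain; cleanIPTables is deferred
// so the chain is restored even when the test fails part-way.
//
// NOTE(review): 1.2.3.4 is publicly routable address space; an RFC 5737
// documentation address (e.g. 192.0.2.1) would be a safer fixture.
func TestBlockAndUnblock(t *testing.T) {
	// Root is required to edit iptables. A lookup failure is reported on its
	// own rather than being mistaken for "not root" (the original ignored the
	// error and would have dereferenced a nil *User).
	u, err := user.Current()
	if err != nil {
		t.Fatalf("could not determine current user: %v", err)
	}
	if u.Uid != "0" {
		log("You must be root to run this. Try again.")
		os.Exit(1)
	}

	// Undo whatever the test did, on every exit path after this point.
	defer cleanIPTables()

	if !BlockIP("1.2.3.4") {
		t.Error("Failed to block IP")
	}

	sChain := "INPUT"
	// Fatal, not Error: with a nil ipt the List call below would panic and
	// hide the real cause.
	ipt, err := iptables.New()
	if err != nil {
		t.Fatal("Failed to new up an IPtables intance:", err)
	}

	// mentionsTestIP reports whether any listed rule contains the address.
	mentionsTestIP := func(rules []string) bool {
		for _, rule := range rules {
			if strings.Contains(rule, "1.2.3.4") {
				return true
			}
		}
		return false
	}

	rules, err := ipt.List("filter", sChain)
	if err != nil {
		t.Fatalf("List failed: %v", err)
	}
	if !mentionsTestIP(rules) {
		t.Error("Didn't find the ip that we tried to block.")
	}

	if !UnBlockIP("1.2.3.4") {
		t.Error("Failed to un block IP")
	}
	// Unblocking must actually remove the rule, not merely report success.
	rules, err = ipt.List("filter", sChain)
	if err != nil {
		t.Fatalf("List failed: %v", err)
	}
	if mentionsTestIP(rules) {
		t.Error("IP is still present in the INPUT chain after unblocking.")
	}
}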
示例7: Init
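// Init selects the balancer implementation named in config and, unless
// config.JustProxy is set, (re)creates the "portal" filter chain that the
// INPUT chain jumps to. The chain is rebuilt from scratch: any previous
// jump and chain are removed, a RETURN rule is appended, and ACCEPT rules
// for TCP 80 and 443 are inserted at the top.
//
// iptables is optional: if it cannot be initialised or used, a message is
// logged and tab is left nil so the rest of the program runs without it.
// An error is returned only when chain manipulation fails part-way or when
// the balancer's own Init fails.
func Init() error {
	if config.JustProxy {
		Balancer = nil
		return nil
	}

	// Choose the balancer backend; lvs is the default because it is faster.
	switch config.Balancer {
	case "lvs":
		Balancer = &Lvs{}
	case "nginx":
		Balancer = &Nginx{}
	default:
		Balancer = &Lvs{} // faster
	}

	// Probe iptables: both the constructor and a trial List must succeed
	// before tab is used. Fix: previously a failed iptables.New set tab to
	// nil and then called tab.List on it, which panics instead of degrading.
	var err error
	tab, err = iptables.New()
	if err == nil {
		_, err = tab.List("filter", "INPUT")
	}
	if err != nil {
		config.Log.Error("Could not use iptables, continuing without - %v", err)
		tab = nil
	}

	if tab != nil {
		// Best-effort teardown of a previous run; these are expected to fail
		// when the chain does not exist yet, so their errors are ignored.
		_ = tab.Delete("filter", "INPUT", "-j", "portal")
		_ = tab.ClearChain("filter", "portal")
		_ = tab.DeleteChain("filter", "portal")

		if err = tab.NewChain("filter", "portal"); err != nil {
			return fmt.Errorf("Failed to create new chain - %v", err)
		}
		// Traffic not matched by any portal rule falls back to INPUT.
		if err = tab.AppendUnique("filter", "portal", "-j", "RETURN"); err != nil {
			return fmt.Errorf("Failed to append to portal chain - %v", err)
		}
		if err = tab.AppendUnique("filter", "INPUT", "-j", "portal"); err != nil {
			return fmt.Errorf("Failed to append to INPUT chain - %v", err)
		}
		// Allow the router through by default (ports 80/443). Each Insert at
		// position 1 lands above the previous one, so 443 ends up first.
		if err = tab.Insert("filter", "portal", 1, "-p", "tcp", "--dport", "80", "-j", "ACCEPT"); err != nil {
			return err
		}
		if err = tab.Insert("filter", "portal", 1, "-p", "tcp", "--dport", "443", "-j", "ACCEPT"); err != nil {
			return err
		}
	}
	return Balancer.Init()
}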
示例8: teardownIPMasq
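// teardownIPMasq removes the masquerade rules for ipn from the nat
// POSTROUTING chain, in the order rules(ipn) lists them. It stops at the
// first rule that cannot be deleted, so later rules may be left behind; the
// returned error names the failing delete.
//
// Fix: the iptables.New error is now carried in the returned message
// instead of being dropped, so "binary not found" can be told apart from
// other initialisation failures.
func teardownIPMasq(ipn ip.IP4Net) error {
	ipt, err := iptables.New()
	if err != nil {
		return fmt.Errorf("failed to teardown IP Masquerade. iptables was not found: %v", err)
	}
	for _, rule := range rules(ipn) {
		log.Info("Deleting iptables rule: ", strings.Join(rule, " "))
		if err := ipt.Delete("nat", "POSTROUTING", rule...); err != nil {
			return fmt.Errorf("failed to delete IP masquerade rule: %v", err)
		}
	}
	return nil
}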
示例9: setupIPMasq
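// setupIPMasq appends the masquerade rules for ipn to the nat POSTROUTING
// chain, in the order rules(ipn) lists them. AppendUnique makes the call
// idempotent: a rule that is already present is not added twice. It stops
// at the first rule that cannot be added; the returned error names it.
//
// Fix: the iptables.New error is now carried in the returned message
// instead of being dropped, so "binary not found" can be told apart from
// other initialisation failures.
func setupIPMasq(ipn ip.IP4Net) error {
	ipt, err := iptables.New()
	if err != nil {
		return fmt.Errorf("failed to set up IP Masquerade. iptables was not found: %v", err)
	}
	for _, rule := range rules(ipn) {
		log.Info("Adding iptables rule: ", strings.Join(rule, " "))
		if err := ipt.AppendUnique("nat", "POSTROUTING", rule...); err != nil {
			return fmt.Errorf("failed to insert IP masquerade rule: %v", err)
		}
	}
	return nil
}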
示例10: checkIPTablesBaseConfig
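// checkIPTablesBaseConfig reports whether the LOGGING chain that BlockIP
// and UnBlockIP jump to exists in the filter table. It logs and returns
// false when iptables cannot be initialised or the chain cannot be listed;
// the chain has to be created before blocking will work.
func checkIPTablesBaseConfig() bool {
	ipt, err := iptables.New()
	if err != nil {
		// Fix: bail out here. The original only logged and went on to call
		// List on a nil ipt, which panics instead of returning false. The
		// message now matches UnBlockIP's and carries the underlying error.
		log(fmt.Sprintf("Failed to new up an IPtables intance. ERROR: %v", err))
		return false
	}
	chain := "LOGGING"
	// Listing a chain that does not exist fails; that is the signal we use.
	if _, err = ipt.List("filter", chain); err != nil {
		log(fmt.Sprintf("%v doesn't exist. It needs to be created.", chain))
		return false
	}
	return true
}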
示例11: TeardownIPMasq
// TeardownIPMasq undoes the effects of SetupIPMasq: it removes the jump
// from nat POSTROUTING for sources in ipn to chain, then flushes and
// deletes chain. The first failing step is returned as the error, in
// which case the remaining steps are not attempted.
func TeardownIPMasq(ipn *net.IPNet, chain string) error {
	ipt, err := iptables.New()
	if err != nil {
		return fmt.Errorf("failed to locate iptabes: %v", err)
	}
	// Ordered: the jump must go before the chain can be deleted.
	steps := []func() error{
		func() error { return ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain) },
		func() error { return ipt.ClearChain("nat", chain) },
		func() error { return ipt.DeleteChain("nat", chain) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return err
		}
	}
	return nil
}
示例12: main
// main builds the "dolan-peers" iptables chain on this droplet's private
// interface and fills it with the other droplets in the same region, as
// reported by the DigitalOcean API. The API token is read from DO_KEY;
// every failure is fatal via failIfErr.
func main() {
	token := os.Getenv(`DO_KEY`)
	if token == `` {
		log.Fatal(`Usage: DO_KEY environment variable must be set.`)
	}

	// Clients: authenticated API client, local metadata service, iptables.
	httpClient := oauth2.NewClient(oauth2.NoContext, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token}))
	api := godo.NewClient(httpClient)
	meta := metadata.NewClient()
	ipt, err := iptables.New()
	failIfErr(err)

	// Region and droplet metadata come from the metadata service.
	region, err := meta.Region()
	failIfErr(err)
	mData, err := meta.Metadata()
	failIfErr(err)

	// Peers are the droplets the account lists for this region — presumably
	// every droplet in the account, not a specific tag or project, so the
	// trust boundary is the whole account (confirm against DropletList).
	drops, err := DropletList(api.Droplets)
	failIfErr(err)
	allowed, ok := SortDroplets(drops)[region]
	if !ok {
		log.Fatalf(`No droplets listed in region [%s]`, region)
	}

	// Find the private interface carrying our local address.
	local, err := LocalAddress(mData)
	failIfErr(err)
	ifaces, err := net.Interfaces()
	failIfErr(err)
	iface, err := PrivateInterface(ifaces, local)
	failIfErr(err)

	// Install the chain on that interface and populate it.
	failIfErr(Setup(ipt, iface))
	failIfErr(UpdatePeers(ipt, allowed))
	log.Printf(`Added %d peers to dolan-peers`, len(allowed))
}
示例13: forwardPorts
// forwardPorts installs port forwarding for fps into a per-pod nat chain:
// the chain is created, jump rules are inserted at the top of PREROUTING
// and OUTPUT (unless already present), then one entry per forwarded port
// is added through forwardPort. With no ports nothing is touched.
// Note that NewChain fails if the chain already exists.
func (e *podEnv) forwardPorts(fps []ForwardedPort, defIP net.IP) error {
	if len(fps) == 0 {
		return nil
	}
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	// A separate chain per pod helps with debugging and makes cleanup easy.
	podChain := e.portFwdChain()
	if err = ipt.NewChain("nat", podChain); err != nil {
		return err
	}

	// Hook the pod chain into both entry points. Insert at position 1 so
	// the per-pod rules are evaluated before anything already there.
	jump := e.portFwdRuleSpec(podChain)
	builtins := []string{
		"PREROUTING", // outside traffic hitting this host
		"OUTPUT",     // traffic originating on this host
	}
	for _, builtin := range builtins {
		present, err := ipt.Exists("nat", builtin, jump...)
		if err != nil {
			return err
		}
		if present {
			continue
		}
		if err := ipt.Insert("nat", builtin, 1, jump...); err != nil {
			return err
		}
	}

	// forwardPort receives a pointer to the loop copy, as before.
	for _, p := range fps {
		if err = forwardPort(ipt, podChain, &p, defIP); err != nil {
			return err
		}
	}
	return nil
}
示例14: setupForwarding
// setupForwarding creates the per-pod DNAT and SNAT chains in the nat
// table and hooks them into POSTROUTING (SNAT), PREROUTING and OUTPUT
// (DNAT). A jump rule is inserted at position 1 only when it is not
// already present. Note that NewChain fails if a chain already exists.
func (e *podEnv) setupForwarding() error {
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	// A separate chain per pod helps with debugging and makes cleanup easy.
	dnatChain := e.portFwdChain("DNAT")
	snatChain := e.portFwdChain("SNAT")
	for _, c := range []string{dnatChain, snatChain} {
		if err = ipt.NewChain("nat", c); err != nil {
			return err
		}
	}

	dnatJump := e.portFwdChainRuleSpec(dnatChain, "DNAT")
	snatJump := e.portFwdChainRuleSpec(snatChain, "SNAT")
	type jump struct {
		builtin string
		rule    []string
	}
	jumps := []jump{
		{"POSTROUTING", snatJump}, // traffic originating from this host from loopback
		{"PREROUTING", dnatJump},  // outside traffic hitting this host
		{"OUTPUT", dnatJump},      // traffic originating from this host on non-loopback
	}
	for _, j := range jumps {
		present, err := ipt.Exists("nat", j.builtin, j.rule...)
		if err != nil {
			return err
		}
		if present {
			continue
		}
		// Position 1: the pod chain is consulted before existing rules.
		if err := ipt.Insert("nat", j.builtin, 1, j.rule...); err != nil {
			return err
		}
	}
	return nil
}
示例15: forwardPorts
// forwardPorts adds the per-port DNAT/SNAT rules for fps into this pod's
// DNAT and SNAT chains, as produced by portRules. AppendUnique keeps the
// operation idempotent; the first failing append is returned. With no
// ports nothing is touched. The chains themselves are expected to exist
// already (see setupForwarding).
func (e *podEnv) forwardPorts(fps []commonnet.ForwardedPort, podIP net.IP) error {
	if len(fps) == 0 {
		return nil
	}
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	dnatChain := e.portFwdChain("DNAT")
	snatChain := e.portFwdChain("SNAT")
	for _, fp := range fps {
		rules := portRules(fp, podIP, dnatChain, snatChain)
		for _, r := range rules {
			if err = ipt.AppendUnique("nat", r.Chain, r.Rule...); err != nil {
				return err
			}
		}
	}
	return nil
}