NFTables Utils

Package rule A library for managing nftables rules.

Package set A library for managing IP and port nftables sets.

Returns an accept verdict expression.

Makes the comparison specified by `mask` to the CT State already loaded in `reg`.

Returns a list of expressions that will compare the destination address of traffic.

Returns a list of expressions that will compare the destination address of traffic against a set.

Returns a list of expressions that will compare the destnation address of traffic against a set, with a user defined register.

Returns a list of expressions that will compare the destination address of traffic, with a user defined register.

Returns a list of expressions that will compare the destination port of traffic.

Returns a list of expressions that will compare the destination port of traffic against a set.

Returns a list of expressions that will compare the destination port of traffic against a set, with a user defined register.

Returns a list of expressions that will compare the destination port of traffic, with a user defined register.

Returns a list of expressions that will compare the netfilter protocol family of traffic.

Returns a list of expressions that will compare the protocol family of traffic, with a user defined register.

Returns a list of expressions that will compare the source address of traffic.

Returns a list of expressions that will compare the source address of traffic against a set.

Returns a list of expressions that will compare the source address of traffic against a set, with a user defined register.

Returns a list of expressions that will compare the source address of traffic, with a user defined register.

Returns a list of expressions that will compare the source port of traffic.

Returns a list of expressions that will compare the source port of traffic against a set.

Returns a list of expressions that will compare the source port of traffic against a set, with a user defined register.

Returns a list of expressions that will compare the source port of traffic, with a user defined register.

Returns a list of expressions that will compare the transport protocol of traffic.

Returns a list of expressions that will compare the transport protocol of traffic, with a user defined register.

Create network link for interface.

Returns a destination port payload expression.

Returns an drop verdict expression.

Returns an equal comparison expression.

ExprAccept wrapper.

ExprBitwise wrapper.

ExprCmp wrapper.

ExprCmpEq wrapper.

ExprCmpEqIFName wrapper.

ExprCmpNeq wrapper.

ExprCmpNeqIFName wrapper.

ExprCmpPort returns a new port expression with the given matching operator.

ExprConnLimit wrapper over==true ? flags=1 : flags=0.

Returns a counter expression.

ExprCtState wrapper.

ExprDNAT wrapper.

ExprDNATv6 wrapper.

ExprDrop wrapper.

ExprIIFName wrapper.

ExprImmediate wrapper.

ExprImmediateWithPort wrapper.

ExprLimit wrapper.

ExprLookupSet wrapper.

ExprLookupSetFromSet wrapper.

ExprMasquerade wrapper.

Returns a meta expression.

ExprOIFName wrapper.

ExprPayloadNetHeader wrapper.

ExprPayloadTransportHeader wrapper.

ExprPortRange returns a new port range expression.

ExprRedirect wrapper.

ExprReject wrapper.

ExprSNAT wrapper.

ExprSNATv6 wrapper.

GetConntrackStateSet helper.

GetConntrackStateSetElems helper.

GetIPv4AddrSet helper.

GetIPv6AddrSet helper.

GetNetInterface 获得网卡地址 (返回ipv4, ipv6地址).

GetPayloadDirectives get expression directives based on ip version and direction.

GetPortElems helper.

GetPortSet helper.

IPAddr returns default gw iface name, gw ip address and wan ip address.

Returns a IPv4 destination address payload expression.

Returns a IPv4 source address payload expression.

Returns a IPv6 destination address payload expression.

Returns a IPv6 source address payload expression.

Returns a xtables match expression.

Returns a xtables match bpf expression.

Returns a xtables match bpf expression with a verdict.

Returns a xtables match expression of unknown type.

Returns a not-equal comparison expression.

ParseLimits parse expr.Limit rateStr := `1+/p/s` rateStr := `1+/bytes/second`.

Returns an reject expression.

Remove network link for interface.

SetCIDRMatcher generates nftables expressions that matches a CIDR SetCIDRMatcher(ExprDirectionSource, `127.0.0.0/24`).

SetCIDRMatcherIngoreError generates nftables expressions that matches a CIDR SetCIDRMatcherIngoreError(ExprDirectionSource, `127.0.0.0/24`).

SetConntrackStateEstablished helper.

SetConntrackStateNew helper.

SetConntrackStateRelated helper.

SetConntrackStateSet helper.

SetDAddrIPv6Set helper.

SetDAddrSet helper.

SetDPort helper.

SetDPortRange returns a new port range expression.

SetDPortSet helper.

SetICMPTypeEchoRequest helper.

SetICMPv6TypeEchoRequest helper.

SetIIF equals input-interface.

SetINetProtoICMP helper.

SetNIIF not equals input-interface.

SetNOIF not equals output-interface.

SetOIF equals output-interface.

SetProtoICMP helper.

SetProtoTCP helper.

SetProtoUDP helper.

SetSAddrIPv6Set helper.

SetSAddrSet helper.

SetSourceIPv4Net helper.

SetSPort helper.

SetSPortRange returns a new port range expression.

SetSPortSet helper.

Returns a source port payload expression.

ConntrackStateDatatype object.

TypeConntrackStateEstablished bytes.

TypeConntrackStateNew bytes.

TypeConntrackStateRelated bytes.

TypeICMPTypeEchoRequest bytes.

TypeICMPv6TypeEchoRequest bytes.

TypeProtoICMP bytes.

TypeProtoICMPV6 bytes.

TypeProtoTCP bytes.

TypeProtoUDP bytes.

Validates an IP address.

Validates an IP address range.

Validates a port number.

Validates start and end port numbers.

Validates a Prefix/CIDR.

Transport protocol lengths and offsets.

IPv4 lengths and offsets.

IPv4 lengths and offsets.

IPv4 lengths and offsets.

IPv6 lengths and offsets.

IPv6 lengths and offsets.

IPv6 lengths and offsets.

Transport protocol lengths and offsets.

Transport protocol lengths and offsets.

NetInterface 本机网络.