This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
Georg Pfuetzenreuter 68dbfeff05
Bye
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-28 17:01:28 +02:00
.gitignore Basics 2024-08-30 05:13:05 +02:00
go.mod Basics for nftables 2024-08-30 06:44:37 +02:00
go.sum Basics for nftables 2024-08-30 06:44:37 +02:00
nft.go Support adding addresses with CIDR mask 2024-09-10 22:11:03 +02:00
nftables-http-api.go Remove redundant nil nftResult handling 2024-08-30 20:37:44 +02:00
README.md Bye 2024-09-28 17:01:28 +02:00
utils.go Support adding addresses with CIDR mask 2024-09-10 22:11:03 +02:00

Superseded

The Go nftables library is nice, but the Python one allows native access to the nft JSON representation, avoiding the need for workarounds to replicate functionality of the nft command line. Hence this Go-based project is now abandoned in favor of its Python equivalent.

RESTful HTTP API for nftables sets

Early work in progress.

Configuration contains hashed tokens, which can in the future be used to authorize modifications for a list of nftables sets:

tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet

Generate token hashes using any bcrypt hashing tool; htpasswd from the apache-utils suite works well:

$ htpasswd -Bn x

Ignore the username part of the output (the leading "x:") and use only the hash.
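A load-time check for tokensets keys, as an added example that is not part of this project's code: it rejects entries where the htpasswd username part was left in or the bcrypt hash is malformed. The function names are hypothetical, and the sample map is constructed around the hash shown in the configuration above.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// bcrypt modular crypt format: $2<variant>$<2-digit cost>$<22-char salt + 31-char digest>.
var bcryptRe = regexp.MustCompile(`^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// CheckTokenHash validates one tokensets key and returns its bcrypt cost.
// htpasswd -Bn prints "user:hash"; only the hash belongs in the configuration.
func CheckTokenHash(key string) (int, error) {
	if i := strings.Index(key, ":$2"); i >= 0 {
		return 0, fmt.Errorf("username part %q still present", key[:i+1])
	}
	m := bcryptRe.FindStringSubmatch(key)
	if m == nil {
		return 0, fmt.Errorf("not a well-formed bcrypt hash")
	}
	cost, _ := strconv.Atoi(m[1]) // two digits matched by the regex, cannot fail
	if cost < 4 || cost > 31 {
		return 0, fmt.Errorf("cost %d outside bcrypt range 4..31", cost)
	}
	return cost, nil
}

// CheckTokenSets returns one sorted problem line per bad key (empty means OK).
func CheckTokenSets(tokensets map[string][]string) []string {
	var problems []string
	for key := range tokensets {
		if _, err := CheckTokenHash(key); err != nil {
			problems = append(problems, fmt.Sprintf("%q: %v", key, err))
		}
	}
	sort.Strings(problems)
	return problems
}

func main() {
	const pageHash = "$2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS" // from the README
	cfg := map[string][]string{ // constructed sample mirroring the tokensets layout
		pageHash:        {"SomeSet"},
		"x:" + pageHash: {"SomeSet"}, // username part pasted along with the hash
		"$2y$05$short":  {"SomeSet"}, // truncated hash
	}
	fmt.Println(strings.Join(CheckTokenSets(cfg), "\n"))
}
```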

TODO

  • Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example /set/foo) instead of set names to make it useful for paths other than sets.
  • Improve logging, introduce a debug flag.
  • Add tests (which may need to be run in a privileged container to simulate nftables).