This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
Georg Pfuetzenreuter 68dbfeff05
Bye
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-28 17:01:28 +02:00

## Superseded

The Go nftables library is nice, but the Python one allows native access to the nft JSON representation, avoiding the need for workarounds to replicate the functionality of the `nft` command line. Hence this Go-based project is now abandoned in favor of its Python equivalent.

# RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains hashed tokens, which can in the future be used to authorize modifications to a list of nftables sets:

```
tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet
```

Generate token hashes using any bcrypt hashing tool; `htpasswd` from the `apache-utils` suite works well:

```
$ htpasswd -Bn x
```

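Ignore the username part of the output (the `x:` prefix); only the bcrypt hash that follows the colon goes into the configuration.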
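The following Go example is added here and is not part of this project's code: it strips the username from a line of `htpasswd -Bn` output, rejects anything that is not a well-formed bcrypt hash (for example a plaintext token pasted by mistake), and renders the matching `tokensets` entry. The function names `HashFromHtpasswd` and `TokensetsEntry` are hypothetical, and the sample line is constructed from the hash shown above.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// bcryptRe: $2a/$2b/$2y prefix, two-digit cost, 22 salt + 31 digest characters.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// HashFromHtpasswd (hypothetical helper) takes one line of `htpasswd -Bn`
// output ("user:hash"), drops the username and returns the hash and its cost.
func HashFromHtpasswd(line string) (string, int, error) {
	line = strings.TrimSpace(line)
	if i := strings.Index(line, ":"); i >= 0 {
		line = line[i+1:]
	}
	m := bcryptRe.FindStringSubmatch(line)
	if m == nil {
		// The input is deliberately not echoed: it may be a plaintext token.
		return "", 0, fmt.Errorf("input is not a bcrypt hash")
	}
	cost, _ := strconv.Atoi(m[1]) // cannot fail: the regexp matched two digits
	if cost < 4 || cost > 31 {
		return "", 0, fmt.Errorf("bcrypt cost %d outside 4..31", cost)
	}
	return line, cost, nil
}

// TokensetsEntry (hypothetical helper) renders the configuration entry that
// authorizes the token behind hash for the given nftables set names.
func TokensetsEntry(hash string, sets []string) string {
	var b strings.Builder
	b.WriteString("tokensets:\n  " + hash + ":\n")
	for _, s := range sets {
		b.WriteString("    - " + s + "\n")
	}
	return b.String()
}

func main() {
	// Constructed sample: username "x" in front of the hash from the README.
	hash, cost, err := HashFromHtpasswd("x:$2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS\n")
	if err != nil {
		panic(err)
	}
	fmt.Printf("cost=%d\n%s", cost, TokensetsEntry(hash, []string{"SomeSet"}))
}
```

The reported cost of 5 is the work factor encoded in the sample hash; `htpasswd` accepts `-C` together with `-B` to generate hashes with a higher one.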

### TODO

- Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example `/set/foo`) instead of set names to make it useful for paths other than sets.
- Improve logging, introduce a debug flag.
- Add tests (which may need to be run in a privileged container to simulate nftables).