nftables-http-api-go/README.md

## Superseded

The Go nftables library is nice, but the Python one allows for native access to the nft JSON representation, avoiding the need for workarounds to replicate functionality of the `nft` commandline. Hence this Go based project is now abandoned in favor of its Python equivalent.

# RESTful HTTP API for nftables sets

Early work in progress.

Configuration contains hashed tokens, which can in the future be used to authorize modifications for a list of nftables sets:

```
tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet
```

Generate token hashes using any bcrypt hashing tool, `htpasswd` from the `apache-utils` suite works well:

```
$ htpasswd -Bn x
```

Ignore the username part.

### TODO

- Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example `/set/foo`) instead of set names to make it useful for paths other than sets.
- Improve logging, introduce a debug flag.
- Add tests (which may need to be run in a privileged container to simulate nftables).
Bye Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 2024-09-28 17:01:28 +02:00			`## Superseded`

			The Go nftables library is nice, but the Python one allows for native access to the nft JSON representation, avoiding the need for workarounds to replicate functionality of the `nft` commandline. Hence this Go based project is now abandoned in favor of its Python equivalent.

Initial commit Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 2024-08-30 05:02:22 +02:00			`# RESTful HTTP API for nftables sets`
Basics Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 2024-08-30 05:13:05 +02:00
			`Early work in progress.`

			`Configuration contains hashed tokens, which can in the future be used to authorize modifications for a list of nftables sets:`

			```
			`tokensets:`
			`$2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:`
			`- SomeSet`
			```

			Generate token hashes using any bcrypt hashing tool, `htpasswd` from the `apache-utils` suite works well:

			```
			`$ htpasswd -Bn x`
			```

			`Ignore the username part.`
Add TODO section Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 2024-08-31 19:23:21 +02:00
			`### TODO`

			- Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example `/set/foo`) instead of set names to make it useful for paths other than sets.
			`- Improve logging, introduce a debug flag.`
			`- Add tests (which may need to be run in a privileged container to simulate nftables).`