This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
nftables-http-api-go/README.md

## Superseded
The Go nftables library is nice, but the Python one allows for native access to the nft JSON representation, avoiding the need for workarounds to replicate functionality of the `nft` command line. Hence this Go-based project is now abandoned in favor of its Python equivalent.
# RESTful HTTP API for nftables sets
Early work in progress.
The configuration contains hashed tokens, each of which can in the future be used to authorize modifications to a list of nftables sets:
```
tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet
```
Generate token hashes using any bcrypt hashing tool; `htpasswd` from the `apache-utils` suite works well:
```
$ htpasswd -Bn x
```
`htpasswd` prints the result as `x:<hash>`. Ignore the username part and use only the hash in the configuration.
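How a request token could be checked against the `tokensets` mapping, as an added example that is not this project's own code. `TokenSets`, `Verifier`, `Authorize`, `demoHash` and `demoVerify` are hypothetical names, and the demo verifier is an unsalted SHA-256 stand-in used only so the block runs with the standard library; a real deployment would pass `bcrypt.CompareHashAndPassword` instead.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// TokenSets mirrors the `tokensets` mapping: token hash -> permitted set names.
type TokenSets map[string][]string

// Verifier matches bcrypt.CompareHashAndPassword (golang.org/x/crypto/bcrypt).
type Verifier func(hash, token []byte) error

// Authorize reports whether token may modify set. Salted hashes cannot be
// looked up by key, so the token is checked against every configured hash.
func Authorize(cfg TokenSets, verify Verifier, token, set string) bool {
	for hash, sets := range cfg {
		if verify([]byte(hash), []byte(token)) != nil {
			continue // token does not match this entry
		}
		for _, s := range sets {
			if s == set {
				return true
			}
		}
	}
	return false // default deny: unknown token or set not listed for it
}

// demoHash and demoVerify are stdlib stand-ins (unsalted SHA-256) so the
// example runs offline; they are assumptions, not the project's bcrypt scheme.
func demoHash(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}
func demoVerify(hash, token []byte) error {
	if subtle.ConstantTimeCompare(hash, []byte(demoHash(string(token)))) != 1 {
		return errors.New("token mismatch")
	}
	return nil
}

func main() {
	cfg := TokenSets{demoHash("constructed-token"): {"SomeSet"}} // constructed sample
	fmt.Println(Authorize(cfg, demoVerify, "constructed-token", "SomeSet"))  // true
	fmt.Println(Authorize(cfg, demoVerify, "constructed-token", "OtherSet")) // false
}
```

Because every request is compared against each configured hash, the bcrypt cost factor and the number of tokens together bound the per-request CPU cost.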
### TODO
- Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example `/set/foo`) instead of set names to make it useful for paths other than sets.
- Improve logging, introduce a debug flag.
- Add tests (which may need to be run in a privileged container to simulate nftables).