## Superseded

The Go nftables library is nice, but the Python one allows native access to the nft JSON representation, which avoids the workarounds needed to replicate the functionality of the `nft` command line. Hence this Go-based project is now abandoned in favor of its Python equivalent.

# RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains hashed tokens, which can in the future be used to authorize modifications to a list of nftables sets:
```
tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet
```
Generate token hashes using any bcrypt hashing tool; `htpasswd` from the `apache-utils` suite works well:

```
$ htpasswd -Bn x
```
Ignore the username part.
### TODO

- Expand to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example `/set/foo`) instead of set names, so that it is useful for paths other than sets.
- Improve logging and introduce a debug flag.
- Add tests (which may need to be run in a privileged container to simulate nftables).