This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
nftables-http-api-go/README.md
Georg Pfuetzenreuter 26a500ac96
Add TODO section
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-08-31 19:23:21 +02:00

RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains hashed tokens, which can in the future be used to authorize modifications for a list of nftables sets. Each token hash is a key under tokensets, and its value is the list of set names:

tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet

Generate token hashes using any bcrypt hashing tool; htpasswd from the apache-utils suite works well:

$ htpasswd -Bn x

Ignore the username part of the output (the x: in front of the hash); only the hash itself goes into the configuration.
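
The step above as a script, added here as an example and not part of the project: it strips the username from htpasswd output, rejects anything that is not a bcrypt hash (without -B, htpasswd emits $apr1$ MD5 hashes), and prints a tokensets entry. The function names are hypothetical; new_token assumes htpasswd is installed and uses its -i flag to read the token from stdin.

```shell
#!/bin/sh
# Added example, not project code. All function names are hypothetical.

# Strip the "username:" prefix from one line of `htpasswd -n` output and
# check that the remainder is a bcrypt hash: $2a/$2b/$2y, a two-digit cost,
# then 53 characters of salt and digest.
extract_bcrypt_hash() {
  h=${1#*:}
  if printf '%s\n' "$h" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
    printf '%s\n' "$h"
  else
    echo "not a bcrypt hash: $h" >&2
    return 1
  fi
}

# Print one tokensets entry in the layout shown above.
# $1 = htpasswd output line, remaining arguments = set names.
tokenset_entry() {
  entry_hash=$(extract_bcrypt_hash "$1") || return 1
  shift
  printf '  %s:\n' "$entry_hash"
  for name in "$@"; do
    printf '    - %s\n' "$name"
  done
}

# Generate a random token and hash it. The token reaches htpasswd on stdin
# (-i), so it does not show up in the process list or the shell history.
# Prints the token on the first line and the htpasswd output on the second.
new_token() {
  token=$(head -c 24 /dev/urandom | base64 | tr -d '+/=')
  printf '%s\n' "$token"
  printf '%s\n' "$token" | htpasswd -Bni x | head -n 1
}

# Demo with the hash from the configuration above, as htpasswd would print it.
echo 'tokensets:'
tokenset_entry 'x:$2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS' SomeSet
```

To create a real entry, run new_token, hand the first output line to the API client as its token, and pass the second line to tokenset_entry together with the set names.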

TODO

  • Expand to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example /set/foo) instead of set names, to make it useful for paths other than sets.
  • Improve logging, introduce a debug flag.
  • Add tests (which may need to be run in a privileged container to simulate nftables).