# RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains hashed tokens, which can in the future be used to authorize modifications to a list of nftables sets:

```
tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet
```

Generate token hashes using any bcrypt hashing tool; `htpasswd` from the `apache-utils` suite works well:

```
$ htpasswd -Bn x
```
Ignore the username part.
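
As an added example (not part of this project's code), the following Python helper takes the output of `htpasswd -Bn`, drops the username, checks that the remainder really is a bcrypt hash and renders the matching `tokensets` entry. The function names and the set-name pattern are assumptions made for this example; the sample input is constructed from the hash shown in the configuration above.

```python
import re

# bcrypt modular-crypt format: $2<variant>$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")
# Assumed set-name syntax for this example; the project may accept other names.
SET_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")


def parse_htpasswd_output(output):
    """Return (bcrypt_hash, cost) from the output of `htpasswd -Bn <user>`."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one 'user:hash' line")
    _user, sep, hashed = lines[0].partition(":")  # the username is ignored
    if not sep:
        raise ValueError("no ':' separator, is this htpasswd output?")
    match = BCRYPT_RE.fullmatch(hashed)
    if match is None:
        # Without -B, htpasswd emits $apr1$ (MD5) hashes, which are not bcrypt.
        raise ValueError("not a bcrypt hash; run htpasswd with -B")
    return hashed, int(match.group(1))


def tokenset_entry(output, set_names):
    """Render one entry for the `tokensets:` mapping and report the bcrypt cost."""
    hashed, cost = parse_htpasswd_output(output)
    bad = [n for n in set_names if not SET_NAME_RE.fullmatch(n)]
    if not set_names or bad:
        raise ValueError(f"need at least one valid set name, rejected: {bad}")
    items = "".join(f"    - {name}\n" for name in set_names)
    return f"  {hashed}:\n{items}", cost


if __name__ == "__main__":
    # Constructed htpasswd output that reuses the hash from the sample config.
    sample = "x:$2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS\n\n"
    entry, cost = tokenset_entry(sample, ["SomeSet"])
    print("tokensets:\n" + entry, end="")
    print(f"# bcrypt cost factor: {cost}")
```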

### TODO

- Expand to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example `/set/foo`) instead of set names, to make it useful for paths other than sets.
- Improve logging, introduce a debug flag.
- Add tests (which may need to be run in a privileged container to simulate nftables).