This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
nftables-http-api-go/README.md
Georg Pfuetzenreuter 68dbfeff05
Bye
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-28 17:01:28 +02:00

Superseded

The Go nftables library is nice, but the Python one allows for native access to the nft JSON representation, avoiding the need for workarounds to replicate functionality of the nft command line. Hence this Go-based project is now abandoned in favor of its Python equivalent.

RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains hashed tokens, which can in the future be used to authorize modifications to a list of nftables sets:

tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet

Generate token hashes using any bcrypt hashing tool; htpasswd from the apache-utils suite works well:

$ htpasswd -Bn x

Ignore the username part of the output (the text before the colon); only the hash goes into the configuration.
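The step above as an added example (not code from this project): it strips the username from a line of `htpasswd -Bn` output, checks that the remainder is a well-formed bcrypt hash, and renders it in the `tokensets` layout. The names `HashFromHtpasswd` and `TokensetsEntry` are hypothetical, and the sample line is the hash from the configuration above prefixed with the username `x`.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// bcryptRe matches a bcrypt hash in modular-crypt form: a $2a$/$2b$/$2y$
// prefix, a two-digit cost, then 22 salt and 31 digest characters.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// HashFromHtpasswd (hypothetical helper) takes one "user:hash" line, drops
// the username and returns the bcrypt hash with its cost. A bare hash works too.
func HashFromHtpasswd(line string) (string, int, error) {
	hash := strings.TrimSpace(line)
	// A bcrypt hash never contains ':', so the hash starts after the last colon.
	if i := strings.LastIndex(hash, ":"); i >= 0 {
		hash = hash[i+1:]
	}
	m := bcryptRe.FindStringSubmatch(hash)
	if m == nil {
		return "", 0, fmt.Errorf("not a bcrypt hash (was htpasswd run with -B?)")
	}
	cost, _ := strconv.Atoi(m[1]) // two digits are guaranteed by the regexp
	if cost < 4 || cost > 31 {
		return "", 0, fmt.Errorf("bcrypt cost %d outside 4..31", cost)
	}
	return hash, cost, nil
}

// TokensetsEntry (hypothetical helper) renders one entry under "tokensets:".
func TokensetsEntry(hash string, sets []string) string {
	var b strings.Builder
	fmt.Fprintf(&b, "  %s:\n", hash)
	for _, s := range sets {
		fmt.Fprintf(&b, "    - %s\n", s)
	}
	return b.String()
}

func main() {
	// Constructed input: the README's hash as htpasswd would print it for user "x".
	line := "x:$2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS\n"
	hash, cost, err := HashFromHtpasswd(line)
	if err != nil {
		panic(err)
	}
	fmt.Printf("cost=%d\ntokensets:\n%s", cost, TokensetsEntry(hash, []string{"SomeSet"}))
}
```

The cost is returned so that a deployment can reject hashes below its own minimum; `htpasswd -B` uses cost 5 unless `-C` is given.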

TODO

  • Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example /set/foo) instead of set names to make it useful for paths other than sets.
  • Improve logging, introduce a debug flag.
  • Add tests (which may need to be run in a privileged container to simulate nftables).