This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
Georg Pfuetzenreuter bad275abe2
Support adding addresses with CIDR mask
Correctly parse and add submitted networks to sets to reflect the
behavior of the `nft` command line.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-10 22:11:03 +02:00
.gitignore Basics 2024-08-30 05:13:05 +02:00
go.mod Basics for nftables 2024-08-30 06:44:37 +02:00
go.sum Basics for nftables 2024-08-30 06:44:37 +02:00
nft.go Support adding addresses with CIDR mask 2024-09-10 22:11:03 +02:00
nftables-http-api.go Remove redundant nil nftResult handling 2024-08-30 20:37:44 +02:00
README.md Add TODO section 2024-08-31 19:23:21 +02:00
utils.go Support adding addresses with CIDR mask 2024-09-10 22:11:03 +02:00

RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains bcrypt-hashed tokens, each mapped to the list of nftables sets that the token can, in the future, be used to authorize modifications of:

tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet

Generate token hashes using any bcrypt hashing tool; htpasswd from the apache-utils suite works well:

$ htpasswd -Bn x

Ignore the username part of the output (the `x:` prefix) and keep only the hash.

TODO

  • Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example /set/foo) instead of set names to make it useful for paths other than sets.
  • Improve logging, introduce a debug flag.
  • Add tests (which may need to be run in a privileged container to simulate nftables).
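The latest commit ("Support adding addresses with CIDR mask") describes normalising submitted addresses the way the `nft` command line does before they are added to a set. The following is an added example of that input validation in Go using the standard library `net/netip` package; it is not code from this repository, and the `SetType` and `ParseElement` names, the `Family`/`Interval` fields and the error messages are this example's own assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// SetType describes the target set: its nftables element type and whether it was
// declared with `flags interval` (needed to hold networks). Names are this example's own.
type SetType struct {
	Family   string // "ipv4_addr" or "ipv6_addr"
	Interval bool
}

// ParseElement normalises a client-submitted address for a set: a bare address becomes a
// /32 or /128, a CIDR string is accepted only with zero host bits, and the family must match.
func ParseElement(raw string, set SetType) (netip.Prefix, error) {
	var p netip.Prefix
	if strings.Contains(raw, "/") {
		q, err := netip.ParsePrefix(raw) // rejects zones and out-of-range mask lengths
		if err != nil {
			return netip.Prefix{}, fmt.Errorf("invalid network %q: %w", raw, err)
		}
		if q != q.Masked() { // ParsePrefix keeps host bits; store exactly what the caller named
			return netip.Prefix{}, fmt.Errorf("network %q has host bits set (did you mean %s?)", raw, q.Masked())
		}
		if !set.Interval && q.Bits() != q.Addr().BitLen() { // nftables needs `flags interval` for networks
			return netip.Prefix{}, fmt.Errorf("set without interval flag cannot hold network %q", raw)
		}
		p = q
	} else {
		a, err := netip.ParseAddr(raw)
		if err != nil || a.Zone() != "" { // zoned literals such as fe80::1%eth0 are not set elements
			return netip.Prefix{}, fmt.Errorf("invalid address %q", raw)
		}
		p = netip.PrefixFrom(a, a.BitLen())
	}
	want4, want6 := set.Family == "ipv4_addr", set.Family == "ipv6_addr"
	if !(want4 && p.Addr().Is4() || want6 && p.Addr().Is6()) {
		return netip.Prefix{}, fmt.Errorf("%q does not match set type %q", raw, set.Family)
	}
	return p, nil
}

func main() { // prints the normalised element or the rejection reason for each constructed input
	for _, in := range []string{"10.1.2.3", "10.0.0.0/8", "10.1.2.3/8", "2001:db8::1"} {
		fmt.Println(ParseElement(in, SetType{Family: "ipv4_addr", Interval: true}))
	}
}
```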