This repository has been archived on 2024-09-28. You can view files and clone it, but cannot push or open issues or pull requests.
Georg Pfuetzenreuter bad275abe2
Support adding addresses with CIDR mask
Correctly parse and add submitted networks to sets to reflect the
behavior of the `nft` command line.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-09-10 22:11:03 +02:00

RESTful HTTP API for nftables sets

Early work in progress.

The configuration contains hashed tokens, which can in the future be used to authorize modifications to a list of nftables sets:

tokensets:
  $2y$05$ZifkrfFg2XZU2ds7Lrcl9usJVyxHro9Ezjo84OMpsBSau4pEu42eS:
    - SomeSet

Generate token hashes using any bcrypt hashing tool; htpasswd from the apache-utils suite works well:

$ htpasswd -Bn x

Ignore the username part of the output (the `x:` prefix); only the hash is used.

TODO

  • Expanding to further nftables functionality. For this, the ACL configuration should be reworked to operate on API paths (for example /set/foo) instead of set names to make it useful for paths other than sets.
  • Improve logging, introduce a debug flag.
  • Add tests (which may need to be run in a privileged container to simulate nftables).
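
The commit at the top of this page adds support for addresses with a CIDR mask. The following is an added illustration, not the project's own code, of strictly validating such input and turning it into the half-open start/end pair that nftables interval sets are built from. It uses only the Go standard library; `ParseElement` and `Interval` are hypothetical names, and clearing host bits is an assumed normalization.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Interval is the half-open range [Start, End) that an interval set stores.
// End is the zero Addr when the range reaches the top of the address space.
type Interval struct{ Start, End netip.Addr }

// ParseElement validates a submitted "addr" or "addr/len" string (hypothetical
// helper, not the project's function) and converts it to an Interval.
func ParseElement(s string) (Interval, error) {
	s = strings.TrimSpace(s)
	var p netip.Prefix
	if strings.Contains(s, "/") {
		var err error
		if p, err = netip.ParsePrefix(s); err != nil {
			return Interval{}, fmt.Errorf("invalid network %q: %w", s, err)
		}
	} else {
		a, err := netip.ParseAddr(s)
		if err != nil || a.Zone() != "" { // zoned addresses make no sense in a set
			return Interval{}, fmt.Errorf("invalid address %q", s)
		}
		p = netip.PrefixFrom(a, a.BitLen()) // single host: /32 or /128
	}
	p = p.Masked() // assumption: clear host bits, 192.168.1.77/24 -> 192.168.1.0/24
	b := p.Addr().AsSlice()
	for i := p.Bits(); i < len(b)*8; i++ {
		b[i/8] |= 1 << (7 - i%8) // set every host bit to get the last address
	}
	last, _ := netip.AddrFromSlice(b)
	return Interval{Start: p.Addr(), End: last.Next()}, nil
}

func main() {
	// Constructed sample inputs; the last one must be rejected.
	for _, in := range []string{"192.168.1.77/24", "10.0.0.5", "2001:db8::/32", "10.0.0.0/33"} {
		iv, err := ParseElement(in)
		fmt.Println(in, "->", iv.Start, iv.End, err)
	}
}
```

Rejecting anything that does not parse as a plain address or prefix before it reaches nftables keeps malformed or trailing input out of the ruleset.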
Languages
Go 100%