Golang Interface示例

编程语言: Golang

命名空间/包名称: github.com/openshift/openshift-sdn/pkg/firewalld

类/类型: Interface

hotexamples.com的示例: 2

Golang Interface - 已找到2个示例。这些是从开源项目中提取的最受好评的github.com/openshift/openshift-sdn/pkg/firewalld.Interface现实Golang示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

EnsureRule(2)

IsRunning(2)

示例#1

显示文件

文件： common.go 项目： kcbabo/origin

func SetupIptables(fw *firewalld.Interface, clusterNetworkCIDR string) error {
	if fw.IsRunning() {
		rules := []FirewallRule{
			{firewalld.IPv4, "nat", "POSTROUTING", 0, []string{"-s", clusterNetworkCIDR, "!", "-d", clusterNetworkCIDR, "-j", "MASQUERADE"}},
			{firewalld.IPv4, "filter", "INPUT", 0, []string{"-p", "udp", "-m", "multiport", "--dports", "4789", "-m", "comment", "--comment", "001 vxlan incoming", "-j", "ACCEPT"}},
			{firewalld.IPv4, "filter", "INPUT", 0, []string{"-i", "tun0", "-m", "comment", "--comment", "traffic from docker for internet", "-j", "ACCEPT"}},
			{firewalld.IPv4, "filter", "FORWARD", 0, []string{"-d", clusterNetworkCIDR, "-j", "ACCEPT"}},
			{firewalld.IPv4, "filter", "FORWARD", 0, []string{"-s", clusterNetworkCIDR, "-j", "ACCEPT"}},
		}

		for _, rule := range rules {
			err := fw.EnsureRule(rule.ipv, rule.table, rule.chain, rule.priority, rule.args)
			if err != nil {
				return err
			}
		}
	} else {
		dbus := utildbus.New()
		ipt := iptables.New(kexec.New(), dbus, iptables.ProtocolIpv4)

		_, err := ipt.EnsureRule(iptables.Append, iptables.TableNAT, iptables.ChainPostrouting, "-s", clusterNetworkCIDR, "!", "-d", clusterNetworkCIDR, "-j", "MASQUERADE")
		if err != nil {
			return err
		}
	}

	return nil
}

示例#2

显示文件

文件： multitenant.go 项目： nitintutlani/origin

func (c *FlowController) SetupIptables(fw *firewalld.Interface, containerNetwork string) error {
	if fw.IsRunning() {
		rules := []FirewallRule{
			{firewalld.IPv4, "nat", "POSTROUTING", 0, []string{"-s", containerNetwork, "!", "-d", containerNetwork, "-j", "MASQUERADE"}},
			{firewalld.IPv4, "filter", "INPUT", 0, []string{"-p", "udp", "-m", "multiport", "--dports", "4789", "-m", "comment", "--comment", "001 vxlan incoming", "-j", "ACCEPT"}},
			{firewalld.IPv4, "filter", "INPUT", 0, []string{"-i", "tun0", "-m", "comment", "--comment", "traffic from docker for internet", "-j", "ACCEPT"}},
			{firewalld.IPv4, "filter", "FORWARD", 0, []string{"-d", containerNetwork, "-j", "ACCEPT"}},
			{firewalld.IPv4, "filter", "FORWARD", 0, []string{"-s", containerNetwork, "-j", "ACCEPT"}},
		}

		for _, rule := range rules {
			err := fw.EnsureRule(rule.ipv, rule.table, rule.chain, rule.priority, rule.args)
			if err != nil {
				return err
			}
		}
	} else {
		exec.Command("iptables", "-t", "nat", "-D", "POSTROUTING", "-s", containerNetwork, "!", "-d", containerNetwork, "-j", "MASQUERADE").Run()
		err := exec.Command("iptables", "-t", "nat", "-A", "POSTROUTING", "-s", containerNetwork, "!", "-d", containerNetwork, "-j", "MASQUERADE").Run()
		if err != nil {
			return err
		}
	}

	return nil
}