AddSystemRules creates the system firewall from configuration.
(reload, backupExistingChains bool)
| 101 | |
// AddSystemRules creates the system firewall from configuration.
//
// It holds the SysConfig read lock for the whole call. When the firewall is
// disabled in the configuration it logs that fact and returns without touching
// any chain. Otherwise it optionally backs up the existing chains and then,
// for every configured chain, creates the chain and adds its enabled rules,
// walking each chain's rule list from the last entry to the first.
//
// Failures do not abort the run: a chain that cannot be created is logged and
// skipped, and a rule that cannot be added is reported through SendError.
// The ruleset left in place can therefore be a subset of the configured one.
//
// NOTE(review): reload is not read anywhere in this body.
// NOTE(review): rules with an empty UUID get one assigned while only the read
// lock is held; if the chains/rules are shared with other goroutines this is
// a write under RLock. Confirm against the SysConfig type.
// NOTE(review): the second value returned by AddSystemRule is discarded. If
// it carries a separate error, that failure goes unreported. Confirm against
// AddSystemRule.
func (n *Nft) AddSystemRules(reload, backupExistingChains bool) {
	n.SysConfig.RLock()
	defer n.SysConfig.RUnlock()

	if !n.SysConfig.Enabled {
		log.Important("[nftables] AddSystemRules() fw disabled")
		return
	}
	if backupExistingChains {
		n.backupExistingChains()
	}

	for _, fwCfg := range n.SysConfig.SystemRules {
		for _, chain := range fwCfg.Chains {
			// A chain that cannot be created is skipped together with all of its rules.
			if created := n.CreateSystemRule(chain, true); !created {
				log.Info("createSystem failed: %s %s", chain.Name, chain.Table)
				continue
			}
			// Rules are processed from the end of the list towards the start.
			for idx := len(chain.Rules) - 1; idx >= 0; idx-- {
				// Every rule gets a UUID, enabled or not, so errors can reference it.
				if chain.Rules[idx].UUID == "" {
					id := uuid.New()
					chain.Rules[idx].UUID = id.String()
				}
				if !chain.Rules[idx].Enabled {
					continue
				}
				err4, _ := n.AddSystemRule(chain.Rules[idx], chain)
				if err4 == nil {
					continue
				}
				n.SendError(fmt.Sprintf("%s (%s)", err4, chain.Rules[idx].UUID))
			}
		}
	}
}
| 135 | |
| 136 | // DeleteSystemRules deletes the system rules. |
| 137 | // If force is false and the rule has not been previously added, |