
Method AddSystemRules

daemon/firewall/nftables/system.go:103–134

AddSystemRules creates the system firewall from configuration.

(reload, backupExistingChains bool)


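// AddSystemRules creates the system firewall from configuration.
//
// It reads n.SysConfig under its read lock. When the firewall is disabled
// nothing is installed. Otherwise the existing chains are optionally backed
// up first, then every configured chain is created and each of its enabled
// rules is added. A rule without a UUID gets a freshly generated one before
// it is added. A chain that cannot be created is logged and its rules are
// skipped; a rule that cannot be added is reported through n.SendError.
//
// reload is currently not read by this method; it is kept so the existing
// callers keep compiling.
func (n *Nft) AddSystemRules(reload, backupExistingChains bool) {
	n.SysConfig.RLock()
	defer n.SysConfig.RUnlock()

	if !n.SysConfig.Enabled {
		log.Important("[nftables] AddSystemRules() fw disabled")
		return
	}
	if backupExistingChains {
		n.backupExistingChains()
	}

	for _, fwCfg := range n.SysConfig.SystemRules {
		for _, chain := range fwCfg.Chains {
			if !n.CreateSystemRule(chain, true) {
				// Without its chain none of the rules below can be installed,
				// so the whole chain is skipped instead of aborting the load.
				log.Info("createSystem failed: %s %s", chain.Name, chain.Table)
				continue
			}
			// Rules are walked from last to first; presumably AddSystemRule
			// inserts at the head of the chain so the configured order is
			// preserved — TODO confirm against AddSystemRule.
			for i := len(chain.Rules) - 1; i >= 0; i-- {
				if chain.Rules[i].UUID == "" {
					// NOTE(review): this writes into the configuration while
					// only the read lock is held; if SysConfig can be modified
					// concurrently (e.g. on reload) this is a data race — run
					// the loader under -race to confirm.
					chain.Rules[i].UUID = uuid.New().String()
				}
				if !chain.Rules[i].Enabled {
					continue
				}
				// Only the error result is used; the second result is dropped
				// as in the original — TODO confirm it carries nothing the
				// operator should see.
				if err, _ := n.AddSystemRule(chain.Rules[i], chain); err != nil {
					n.SendError(fmt.Sprintf("%s (%s)", err, chain.Rules[i].UUID))
				}
			}
		}
	}
}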
// DeleteSystemRules deletes the system rules.
// If force is false and the rule has not been previously added,

Callers 2

ReloadConfCallbackMethod · 0.95
InitMethod · 0.95

Calls 7

backupExistingChainsMethod · 0.95
CreateSystemRuleMethod · 0.95
AddSystemRuleMethod · 0.95
RLockMethod · 0.80
RUnlockMethod · 0.80
SendErrorMethod · 0.80
StringMethod · 0.45

Tested by

no test coverage detected