https://github.com/alash3al/go-netfilter-queue

Go bindings for libnetfilter_queue (Forked from openshift/geard)
https://github.com/alash3al/go-netfilter-queue

golang gopacket iptables netfilter

Last synced: 5 months ago
JSON representation

Go bindings for libnetfilter_queue (Forked from openshift/geard)

• Host: GitHub
• URL: https://github.com/alash3al/go-netfilter-queue
• Owner: alash3al
• License: apache-2.0
• Fork: true (AkihiroSuda/go-netfilter-queue)
• Created: 2017-05-12T16:13:56.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2016-04-14T09:21:19.000Z (about 10 years ago)
• Last Synced: 2024-12-21T20:02:56.595Z (over 1 year ago)
• Topics: golang, gopacket, iptables, netfilter
• Language: Go
• Homepage:
• Size: 11.7 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
go-netfilter-queue

==================

[![Build Status](https://travis-ci.org/AkihiroSuda/go-netfilter-queue.svg)](https://travis-ci.org/AkihiroSuda/go-netfilter-queue)

[![GoDoc](https://godoc.org/github.com/AkihiroSuda/go-netfilter-queue?status.svg)](https://godoc.org/github.com/AkihiroSuda/go-netfilter-queue)

Go bindings for libnetfilter_queue

_Forked from [openshift/geard@be0423a](https://github.com/openshift/geard/tree/be0423a67449bc4be1419e03e8bdf459ff0df07e/pkg/go-netfilter-queue)_ for supporting recent environments. I'm using Go 1.6 for testing.

This library provides access to packets in the IPTables netfilter queue (NFQUEUE).

The libnetfilter_queue library is part of the [Netfilter project| http://netfilter.org/projects/libnetfilter_queue/].

Example

=======

use IPTables to direct all outgoing Ping/ICMP requests to the queue 0:

    iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 0

You can then use go-netfilter-queue to inspect the packets:

    package main

    

    import (

            "fmt"

            "github.com/AkihiroSuda/go-netfilter-queue"

            "os"

    )

    

    func main() {

            var err error

    

            nfq, err := netfilter.NewNFQueue(0, 100, netfilter.NF_DEFAULT_PACKET_SIZE)

            if err != nil {

                    fmt.Println(err)

                    os.Exit(1)

            }

            defer nfq.Close()

            packets := nfq.GetPackets()

    

            for true {

                    select {

                    case p := <-packets:

                            fmt.Println(p.Packet)

                            p.SetVerdict(netfilter.NF_ACCEPT)

                    }

            }

    }

To undo the IPTables redirect. Run:

    iptables -D OUTPUT -p icmp -j NFQUEUE --queue-num 0