nftables 0.6.3

Safe abstraction for nftables JSON API. It can be used to create nftables rulesets in Rust and parse existing nftables rulesets from JSON.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use strum_macros::EnumString;

/// Families in nftables.
///
/// See <https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families>.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "lowercase")]
pub enum NfFamily {
    IP,
    IP6,
    INet,
    ARP,
    Bridge,
    NetDev,
}

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "lowercase")]
/// Represents the type of a Chain.
pub enum NfChainType {
    Filter,
    Route,
    NAT,
}

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "lowercase")]
/// Represents the policy of a Chain.
pub enum NfChainPolicy {
    Accept,
    Drop,
}

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "lowercase")]
/// Represents a netfilter hook.
///
/// See <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>.
pub enum NfHook {
    Ingress,
    Prerouting,
    Forward,
    Input,
    Output,
    Postrouting,
    Egress,
}

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "lowercase")]
/// Represents a conntrack helper protocol.
pub enum CTHProto {
    TCP,
    UDP,
    DCCP,
    SCTP,
    GRE,
    ICMPv6,
    ICMP,
    Generic,
}

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
pub enum RejectCode {
    #[serde(rename = "admin-prohibited")]
    /// Host administratively prohibited (ICMPX, ICMP, ICMPv6)
    AdminProhibited,
    #[serde(rename = "port-unreachable")]
    /// Destination port unreachable (ICMPX, ICMP, ICMPv6)
    PortUnreach,
    #[serde(rename = "no-route")]
    /// No route to destination (ICMPX, ICMP, ICMPv6)
    NoRoute,
    #[serde(rename = "host-unreachable")]
    /// Destination host unreachable (ICMPX, ICMP, ICMPv6)
    HostUnreach,
    #[serde(rename = "net-unreachable")]
    /// Destination network unreachable (ICMP)
    NetUnreach,
    #[serde(rename = "prot-unreachable")]
    /// Destination protocol unreachable (ICMP)
    ProtUnreach,
    #[serde(rename = "net-prohibited")]
    /// Network administratively prohibited (ICMP)
    NetProhibited,
    #[serde(rename = "host-prohibited")]
    /// Host administratively prohibited (ICMP)
    HostProhibited,
    #[serde(rename = "addr-unreachable")]
    /// Address unreachable (ICMPv6)
    AddrUnreach,
}

#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, EnumString, Hash, JsonSchema)]
#[serde(rename_all = "lowercase")]
#[strum(serialize_all = "lowercase")]
/// Describes a SynProxy's flags.
pub enum SynProxyFlag {
    /// Pass client timestamp option to backend.
    Timestamp,
    #[serde(rename = "sack-perm")]
    #[strum(serialize = "sack-perm")]
    /// Pass client selective acknowledgement option to backend.
    SackPerm,
}

#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "lowercase")]
/// A time unit (used by [limits][crate::schema::Limit]).
pub enum NfTimeUnit {
    /// A second.
    Second,
    /// A minute (60 seconds).
    Minute,
    /// An hour (3600 seconds).
    Hour,
    /// A day (86400 seconds).
    Day,
    /// A week (604800 seconds).
    Week,
}