Struct PfCtl 

pub struct PfCtl { /* private fields */ }

Struct communicating with the PF firewall.

Implementations

impl PfCtl

pub fn new() -> Result<Self>

Returns a new PfCtl if opening the PF device file succeeded.

pub fn enable(&mut self) -> Result<()>

Tries to enable PF. If the firewall is already enabled it will return an StateAlreadyActive error. If there is some other error it will return an IoctlError.

pub fn try_enable(&mut self) -> Result<()>

Same as enable, but StateAlreadyActive errors are supressed and exchanged for Ok(()).

pub fn disable(&mut self) -> Result<()>

Tries to disable PF. If the firewall is already disabled it will return an StateAlreadyActive error. If there is some other error it will return an IoctlError.

pub fn try_disable(&mut self) -> Result<()>

Same as disable, but StateAlreadyActive errors are supressed and exchanged for Ok(()).

pub fn is_enabled(&mut self) -> Result<bool>

Tries to determine if PF is enabled or not.

pub fn add_anchor(&mut self, name: &str, kind: AnchorKind) -> Result<()>

pub fn try_add_anchor(&mut self, name: &str, kind: AnchorKind) -> Result<()>

Same as add_anchor, but StateAlreadyActive errors are supressed and exchanged for Ok(()).

pub fn remove_anchor(&mut self, name: &str, kind: AnchorKind) -> Result<()>

pub fn try_remove_anchor(&mut self, name: &str, kind: AnchorKind) -> Result<()>

Same as remove_anchor, but AnchorDoesNotExist errors are supressed and exchanged for Ok(()).

pub fn add_rule(&mut self, anchor: &str, rule: &FilterRule) -> Result<()>

pub fn set_rules(&mut self, anchor: &str, change: AnchorChange) -> Result<()>

pub fn add_nat_rule(&mut self, anchor: &str, rule: &NatRule) -> Result<()>

pub fn add_redirect_rule( &mut self, anchor: &str, rule: &RedirectRule, ) -> Result<()>

pub fn add_scrub_rule(&mut self, anchor: &str, rule: &ScrubRule) -> Result<()>

pub fn flush_rules(&mut self, anchor: &str, kind: RulesetKind) -> Result<()>

pub fn clear_states( &mut self, anchor_name: &str, kind: AnchorKind, ) -> Result<u32>

Clear states created by rules in anchor. Returns total number of removed states upon success, otherwise ErrorKind::AnchorDoesNotExist if anchor does not exist.

pub fn clear_interface_states(&mut self, interface: Interface) -> Result<u32>

Clear states belonging to a given interface Returns total number of removed states upon success

pub fn get_states(&mut self) -> Result<Vec<State>>

Get all states created by stateful rules

pub fn kill_state(&mut self, state: &State) -> Result<()>

Remove the specified state.

All current states can be obtained via [get_states].

pub fn set_interface_flag( &mut self, interface: Interface, flags: InterfaceFlags, ) -> Result<()>

Set the given interface flags for an interface.

These flags can be viewed with ‘pfctl -sI -v -i ’. See https://man.freebsd.org/cgi/man.cgi?pf(4)

pub fn clear_interface_flag( &mut self, interface: Interface, flags: InterfaceFlags, ) -> Result<()>

Clear the given interface flags for an interface.

https://man.freebsd.org/cgi/man.cgi?pf(4)