51 lines
1.4 KiB
Go
51 lines
1.4 KiB
Go
package firewall
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
)
|
|
|
|
// NewManager gets a firewall manager for this server. The context bounds the
|
|
// detection probes (each shells out or opens a D-Bus/systemd connection).
|
|
func NewManager(ctx context.Context, rulePrefix string) (Manager, error) {
|
|
// First check for firewalld as there are no firewall managers that use it.
|
|
firewalld, err := NewFirewallD(ctx, rulePrefix)
|
|
if err == nil {
|
|
return firewalld, nil
|
|
}
|
|
|
|
// Check if Ubuntu's Uncomplicated Firewall (UFW) is installed.
|
|
ufw, err := NewUFW(ctx, rulePrefix)
|
|
if err == nil {
|
|
return ufw, nil
|
|
}
|
|
|
|
// Check if ConfigServer Security & Firewall is installed.
|
|
csf, err := NewCSF(ctx, rulePrefix)
|
|
if err == nil {
|
|
return csf, nil
|
|
}
|
|
|
|
// Check if Advanced Policy Firewall is installed.
|
|
apf, err := NewAPF(ctx, rulePrefix)
|
|
if err == nil {
|
|
return apf, nil
|
|
}
|
|
|
|
// After checking common firewall managers that use iptables, try iptables.
|
|
iptables, err := NewIPTables(ctx, rulePrefix)
|
|
if err == nil {
|
|
return iptables, nil
|
|
}
|
|
|
|
// As a last resort, manage nftables directly. This is tried last so that a
|
|
// higher-level manager (which may itself be backed by nftables) is preferred
|
|
// when one is present.
|
|
nft, err := NewNFT(ctx, rulePrefix)
|
|
if err == nil {
|
|
return nft, nil
|
|
}
|
|
|
|
// If no manager found via the known managers, fail.
|
|
return nil, fmt.Errorf("no firewall manager found")
|
|
}
|