programmatic access to Linux iptables
Project description
linuxnet-iptables
linuxnet-iptables provides programmatic access to the
Linux iptables(8)
(or ip6tables(8)
) command.
Using linuxnet-iptables one can view existing chains/rules,
create new ones, or delete existing ones.
The package documentation is available
here.
For the following examples, Python3 (3.6 or later) is required.
>>> from linuxnet.iptables import IptablesPacketFilterTable
>>> table = IptablesPacketFilterTable('filter')
>>> table.read_system_config()
>>> input_chain = table.get_chain('INPUT')
>>> for rule in input_chain:
... print(' '.join(rule.to_iptables_args()))
...
-j prod_bad_traffic
-m state --state RELATED,ESTABLISHED -j ACCEPT
-j prod_ingress
-j prod_INPUT_ldrop
>>>
>>> print(input_chain.get_packet_count())
183506560
>>>
The above code requires root access in order to successfully invoke the
iptables
command. If you are uncomfortable running it as root, you can
extract the iptables
output as root and then process it with
linuxnet-iptables (note that the -xnv options must be
specified):
# iptables -xnv -L > /tmp/iptables.output
#
Then, as a regular user:
>>> with open("/tmp/iptables.output") as f:
... output = f.read()
...
>>> from linuxnet.iptables import IptablesPacketFilterTable
>>> table = IptablesPacketFilterTable('filter')
>>> table.init_from_output(output)
True
>>> input_chain = table.get_chain('INPUT')
>>> for rule in input_chain:
... print(' '.join(rule.to_iptables_args()))
...
-j prod_bad_traffic
-m state --state RELATED,ESTABLISHED -j ACCEPT
-j prod_ingress
-j prod_INPUT_ldrop
>>>
Modifications to the chains are also supported as shown in the following (hereon, root permissions will be assumed).
Creating a new chain:
>>> from linuxnet.iptables import ChainRule, Targets
>>> newchain = table.create_chain('acceptall')
>>> newchain.append_rule(ChainRule(target=Targets.ACCEPT))
>>>
# iptables -nv -L acceptall
Chain acceptall (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
#
Modifying the new chain to only accept TCP packets:
>>> newchain.flush() # remove the existing rule
>>> from linuxnet.iptables import PacketMatch
>>> match_tcp = PacketMatch().protocol().equals('tcp')
>>> rule = ChainRule(match=match_tcp, target=Targets.ACCEPT)
>>> newchain.append_rule(rule)
>>> newchain.append_rule(ChainRule(target=Targets.DROP))
>>>
# iptables -L acceptall -nv
Chain acceptall (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
#
Deleting the new chain:
>>> table.delete_chain(newchain)
>>>
Installation
Python3 is required.
Available Makefile
targets can be listed by invoking make
with no arguments.
make install
will install the package.
make test
runs the unit tests.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file linuxnet_iptables-7.4.4.tar.gz
.
File metadata
- Download URL: linuxnet_iptables-7.4.4.tar.gz
- Upload date:
- Size: 108.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.4.0 pkginfo/1.9.5 requests/2.27.1 requests-toolbelt/0.10.1 tqdm/4.52.0 CPython/3.10.14
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9a59ad21f35b17130a838d311185cad73afcf1853e4290948764b43e17898a17 |
|
MD5 | 49d88b584c8e0e8076c472de5d0b1b86 |
|
BLAKE2b-256 | b4e067f2e72d2a6b16981d2077e2a2e7b845a1718e0ad908020eb28f234b0ee6 |
File details
Details for the file linuxnet_iptables-7.4.4-py3-none-any.whl
.
File metadata
- Download URL: linuxnet_iptables-7.4.4-py3-none-any.whl
- Upload date:
- Size: 114.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.4.0 pkginfo/1.9.5 requests/2.27.1 requests-toolbelt/0.10.1 tqdm/4.52.0 CPython/3.10.14
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4143fe5f8e0598b3f9b1a63cf9d40f01551aa708df0439c945e53682817b6189 |
|
MD5 | 29136198aece9edace895d3a1d35630e |
|
BLAKE2b-256 | 191dec73a87f4293c80dcea53d1039a2c7f0cac6cc592b95dceeebfad9a7c286 |