ChainRule

class ChainRule(*, match: Optional[Match] = None, match_list: Optional[List[Match]] = None, target: Optional[Target] = None, uses_goto: Optional[bool] = False)

This class represents a rule in an iptables(8) chain. A ChainRule has a (possibly empty) list of Match objects and an optional Target object.

Multiple Match objects of the same type can be included in a rule. Since multiple Match objects imply a logical-AND, including objects of the same type may be useful when using negation. However, there can be at most one PacketMatch object included.

Parameters:
  • match – optional Match object; if present, it is added to the rule’s list of Match objects

  • match_list – optional list of Match objects; if present, it is appended to the rule’s list of Match objects

  • target – a Target object

  • uses_goto – if True, rule processing continues at the specified target (which must be a ChainTarget), short-circuiting any rules following this one in the chain

classmethod create_from_existing(iptables_output_line: str, pft) → ChainRule

Create a ChainRule from a line of iptables -xnv output

Parameters:

get_byte_count() → int

Returns the byte count of the rule

get_chain()

Returns the Chain where this rule belongs (returns None if this rule is not in any chain)

get_iptables_line() → Optional[str]

Returns the iptables line if this rule was created from the output of iptables(8), otherwise it returns None.

get_match_list() → List[Match]

Returns match list

get_packet_count() → int

Returns the packet count of the rule

get_rulenum() → int

Returns the rule number

get_target() → Optional[Target]

Returns the rule target (a Target object) or None

get_target_chain()

Returns the (non-builtin) Chain object that is the target of this rule, or None if this rule does not target a chain.

go_to(*, chain) → ChainRule

Add a goto to the specified chain.

Raises an IptablesError if the rule is already part of a Chain

Returns this object.

Parameters:

chain – a Chain object

has_match(match: Match) → bool

Returns True if the match list of this rule consists only of the specified match. An object of MatchNone can be used to test for an empty match list.

has_target(target: Target) → bool

Returns True if the rule has the specified target. An object of TargetNone can be used to test for lack of target.

jump_to(*, target: Optional[Target] = None, chain=None) → ChainRule

Add a jump to the specified target. The target is identified either via the target argument or via the chain argument.

Raises an IptablesError if:
  • both target and chain arguments are not None

  • the rule is already part of a Chain

Returns this object.

Parameters:
  • target – optional Target object

  • chain – optional Chain object

parsing_failed() → bool

Returns True if the rule has not been parsed successfully

set_target(target: Target) → None

Set the rule target

targets_chain(chain) → bool

Returns True if the target of this rule is the specified chain

Parameters:

chain – a Chain object

to_iptables_args() → List[str]

Returns a list suitable to be used as an argument to the iptables(8) command

Raises an IptablesError if this is an unparsed rule

uses_goto() → bool

Returns True if this rule ‘goes’ to its (chain) target instead of ‘jumping’ to it.
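
The difference between jumping to a chain and going to it, shown with a simplified traversal model. This is an added example, not linuxnet-iptables code: traverse, verdict_for, the ssh_allow chain and the sample packet are constructed for illustration. It follows the iptables(8) description of --goto, where a return from the target chain resumes in the chain that last jumped, not after the goto rule.

```python
# Added example: simplified model of iptables chain traversal.
# Not linuxnet-iptables code; all names here are hypothetical.

def traverse(chains, policy, start, packet):
    """Return (verdict, trace) for a packet entering built-in chain `start`."""
    stack = []                 # return positions; only a jump pushes one
    chain, idx, trace = start, 0, []
    while True:
        rules = chains[chain]
        if idx >= len(rules):
            action, arg = "RETURN", None      # end of chain: implicit return
        else:
            pred, action, arg = rules[idx]
            if not pred(packet):
                idx += 1
                continue
            trace.append(f"{chain}[{idx + 1}]")   # 1-based rule number
        if action in ("ACCEPT", "DROP"):
            return action, trace
        if action == "RETURN":
            if not stack:
                return policy, trace          # no caller: built-in chain policy
            chain, idx = stack.pop()
            continue
        if action == "jump":
            stack.append((chain, idx + 1))    # resume after this rule
        # "goto" pushes nothing: rules after it are never resumed
        chain, idx = arg, 0

def verdict_for(kind, packet, policy="ACCEPT"):
    """Evaluate a constructed ruleset whose first INPUT rule uses `kind`."""
    ssh = lambda p: p["dport"] == 22
    chains = {
        "INPUT": [(ssh, kind, "ssh_allow"), (ssh, "DROP", None)],
        "ssh_allow": [(lambda p: p["src"] == "10.0.0.5", "ACCEPT", None)],
    }
    return traverse(chains, policy, "INPUT", packet)

if __name__ == "__main__":
    pkt = {"src": "192.0.2.9", "dport": 22}   # constructed sample packet
    for kind in ("jump", "goto"):
        print(kind, verdict_for(kind, pkt))
```

With the goto variant the DROP rule in INPUT is never reached for a packet that falls through ssh_allow, so the built-in chain's policy decides the verdict.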