OwnerMatch

Example:

>>> from linuxnet.iptables import OwnerMatch
>>> m = OwnerMatch()
>>> m.uid().equals(10).gid().not_equals(100, 200).socket_exists()
<linuxnet.iptables.matches.ownermatch.OwnerMatch object at 0x7f6adcd98240>
>>> m.to_iptables_args()
['-m', 'owner', '--uid-owner', '10', '!', '--gid-owner', '100-200']
>>> mm = OwnerMatch()
>>> mm.socket_exists().equals()
<linuxnet.iptables.matches.ownermatch.OwnerMatch object at 0x7f6adbe862b0>
>>> mm.to_iptables_args()
['-m', 'owner', '--socket-exists']

class OwnerMatch

Match against userid, groupid, or socket existence.

Only numeric userid, groupid values are supported.

uid() → UidCriterion

Compare with the UID

gid() → GidCriterion

Compare with the GID

socket_exists() → SocketExistsCriterion

Match if there is a socket for this packet

to_iptables_args() → List[str]

Returns iptables(8) arguments for this match

---

UidCriterion

class UidCriterion(match: Match)

Compare with a uid, or uid range

compare(is_equal: bool, *args, **kwargs) → Match

Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(from_num: int, to_num: Optional[int] = None) → Match

Compare with a number (or inclusion in number-range if to_num is present)

get_value() → Tuple[int, Optional[int]]

Returns the value that the criterion is comparing against

Return type:

a tuple of (int, int|None)

is_positive() → bool

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool

Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

---

GidCriterion

class GidCriterion(match: Match)

Compare with a gid, or gid range

compare(is_equal: bool, *args, **kwargs) → Match

Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(from_num: int, to_num: Optional[int] = None) → Match

Compare with a number (or inclusion in number-range if to_num is present)

get_value() → Tuple[int, Optional[int]]

Returns the value that the criterion is comparing against

Return type:

a tuple of (int, int|None)

is_positive() → bool

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool

Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

---

SocketExistsCriterion

class SocketExistsCriterion(match: Match)

Perform a socket existence test

bit_not_set() → Match

Check if the bit is set

bit_set() → Match

Check if the bit is set

compare(is_equal: bool, *args, **kwargs) → Match

Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals() → Match

Compare with the setting of the bit

get_value() → bool

Returns the criterion value

is_positive() → bool

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool

Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.