TcpMatch¶

class TcpMatch[source]¶

Match against the fields of the TCP header

syn() → TcpFlagsCriterion[source]¶: Criterion for matching against a SYN packet

tcp_flags() → TcpFlagsCriterion[source]¶: Compare with TCP flags

source_port() → SourcePortCriterion[source]¶: Matching against the source port

dest_port() → DestPortCriterion[source]¶: Match against the destination port

to_iptables_args() → List[str][source]¶: Returns iptables(8) arguments for this match

classmethod parse(parser: MatchParser) → Match[source]¶: Parse the TCP criteria

TcpFlagsCriterion¶

class TcpFlagsCriterion(match: Match, syn_only=False)[source]¶

A criterion for comparing against packets with an arbitrary set of TCP flags set, or for comparing against SYN packets. This is an either-or use, determined at the time of object instantiation.

The value is the tuple (flags-checked, flags-set); both flags-checked and flags-set are comma-separated lists of TCP flag names.

get_value() → Tuple[Set[TcpFlag], Set[TcpFlag]][source]¶: Returns the value that the criterion is comparing against

is_syn_only()[source]¶: Returns True if the criterion is only meant to check for the SYN flag (but note that it may not be set yet)

bit_set() → Match[source]¶: This method can be used if this criterion implements a SYN-only comparison to check if the packet flags include only the SYN bit.

bit_not_set() → Match[source]¶: This method can be used if this criterion implements a SYN-only comparison to check for the non-existence of the SYN bit

equals(flags_checked: Optional[Set[TcpFlag]] = None, flags_set: Optional[List[TcpFlag]] = None) → Match[source]¶: Perform flags comparison

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

SourcePortCriterion¶

class SourcePortCriterion(match: Match)[source]¶

Compare with a source port or check for inclusion in port-range

The value is a the tuple (port, last_port) where last_port may be None

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(port: int, last_port: Optional[int] = None) → Match¶: Compare with a port (or inclusion in port-range if last_post is present)

get_value() → Tuple[int, Optional[int]]¶: Returns the value that the criterion is comparing against

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

DestPortCriterion¶

class DestPortCriterion(match: Match)[source]¶

Compare against a destination port or check for inclusion in port-range

The value is a the tuple (port, last_port) where last_port may be None

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(port: int, last_port: Optional[int] = None) → Match¶: Compare with a port (or inclusion in port-range if last_post is present)

get_value() → Tuple[int, Optional[int]]¶: Returns the value that the criterion is comparing against

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

TcpMatch¶

TcpFlagsCriterion¶

SourcePortCriterion¶

DestPortCriterion¶

linuxnet-iptables

Navigation

Related Topics