OwnerMatch¶

Example:

>>> from linuxnet.iptables import OwnerMatch
>>> m = OwnerMatch()
>>> m.uid().equals(10).gid().not_equals(100, 200).socket_exists()
<linuxnet.iptables.matches.ownermatch.OwnerMatch object at 0x7f6adcd98240>
>>> m.to_iptables_args()
['-m', 'owner', '--uid-owner', '10', '!', '--gid-owner', '100-200']
>>> mm = OwnerMatch()
>>> mm.socket_exists().equals()
<linuxnet.iptables.matches.ownermatch.OwnerMatch object at 0x7f6adbe862b0>
>>> mm.to_iptables_args()
['-m', 'owner', '--socket-exists']

class OwnerMatch[source]¶

Match against userid, groupid, or socket existence.

Only numeric userid, groupid values are supported.

uid() → UidCriterion[source]¶: Compare with the UID

gid() → GidCriterion[source]¶: Compare with the GID

socket_exists() → SocketExistsCriterion[source]¶: Match if there is a socket for this packet

to_iptables_args() → List[str][source]¶: Returns iptables(8) arguments for this match

UidCriterion¶

class UidCriterion(match: Match)[source]¶

Compare with a uid, or uid range

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(from_num: int, to_num: Optional[int] = None) → Match¶: Compare with a number (or inclusion in number-range if to_num is present)

get_value() → Tuple[int, Optional[int]]¶

Returns the value that the criterion is comparing against

Return type:: a tuple of (int, int|None)

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

GidCriterion¶

class GidCriterion(match: Match)[source]¶

Compare with a gid, or gid range

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(from_num: int, to_num: Optional[int] = None) → Match¶: Compare with a number (or inclusion in number-range if to_num is present)

get_value() → Tuple[int, Optional[int]]¶

Returns the value that the criterion is comparing against

Return type:: a tuple of (int, int|None)

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

SocketExistsCriterion¶

class SocketExistsCriterion(match: Match)[source]¶

Perform a socket existence test

bit_not_set() → Match¶: Check if the bit is set

bit_set() → Match¶: Check if the bit is set

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals() → Match¶: Compare with the setting of the bit

get_value() → bool¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals() → Match¶: Express a test against the criterion being False

OwnerMatch¶

UidCriterion¶

GidCriterion¶

SocketExistsCriterion¶

linuxnet-iptables

Navigation

Related Topics