PacketMatch¶

Example:

>>> m = PacketMatch()
>>> m.input_interface().equals('eth0')
<linuxnet.iptables.match.PacketMatch object at 0x7ff96e466e10>
>>> m.fragment().not_equals()
<linuxnet.iptables.match.PacketMatch object at 0x7ff96e466e10>
>>> m.source_address().equals(IPv4Network('192.168.1.0/24'))
<linuxnet.iptables.match.PacketMatch object at 0x7ff96e466e10>
>>> m.to_iptables_args()
['-i', 'eth0', '!', '-f', '-s', '192.168.1.0/24']

class PacketMatch[source]¶

This class provides matching against the following attributes of a packet:

input interface
output interface
protocol
source address
destination address
fragment bit

protocol() → ProtocolCriterion[source]¶: Match against the protocol

input_interface() → InputInterfaceCriterion[source]¶: Match against the input interface

output_interface() → OutputInterfaceCriterion[source]¶: Match against the output interface

source_address() → SourceAddressCriterion[source]¶: Match against the source address

dest_address() → DestAddressCriterion[source]¶: Match against the destination address

fragment() → FragmentCriterion[source]¶: Match if packet has (or has not) the fragment bit set

to_iptables_args() → List[str][source]¶: Generate an iptables(8) arguments list for the set criteria

InputInterfaceCriterion¶

class InputInterfaceCriterion(match: Match)[source]¶

Compare with the input interface.

The comparison value is an interface name (a string).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value) → Match¶: Compare with the specified value

get_iptables_option() → str¶: Returns the iptables(8) option

get_value() → Any¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

OutputInterfaceCriterion¶

class OutputInterfaceCriterion(match: Match)[source]¶

Compare with the output interface.

The comparison value is an interface name (a string).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value) → Match¶: Compare with the specified value

get_iptables_option() → str¶: Returns the iptables(8) option

get_value() → Any¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

ProtocolCriterion¶

class ProtocolCriterion(match: Match)[source]¶

Compare with the protocol.

The comparison value is a protocol name (a string).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value) → Match¶: Compare with the specified value

get_iptables_option() → str¶: Returns the iptables(8) option

get_value() → Any¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

SourceAddressCriterion¶

class SourceAddressCriterion(match: Match)[source]¶

Compare with the source address.

The comparison value is an IPv4Network.

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value) → Match¶: Compare with the specified value

get_iptables_option() → str¶: Returns the iptables(8) option

get_value() → Any¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

DestAddressCriterion¶

class DestAddressCriterion(match: Match)[source]¶

Compare with the destination address.

The comparison value is an IPv4Network.

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value) → Match¶: Compare with the specified value

get_iptables_option() → str¶: Returns the iptables(8) option

get_value() → Any¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

FragmentCriterion¶

class FragmentCriterion(match: Match)[source]¶

Check if a packet is a fragment.

bit_not_set() → Match¶: Check if the bit is set

bit_set() → Match¶: Check if the bit is set

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals() → Match¶: Compare with the setting of the bit

get_value() → bool¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion; True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals() → Match¶: Express a test against the criterion being False

PacketMatch¶

InputInterfaceCriterion¶

OutputInterfaceCriterion¶

ProtocolCriterion¶

SourceAddressCriterion¶

DestAddressCriterion¶

FragmentCriterion¶

linuxnet-iptables

Navigation

Related Topics