LimitMatch

Example:

>>> from linuxnet.iptables import LimitMatch
>>> m = LimitMatch()
>>> m.limit().equals(LimitMatch.Rate(1)).burst().equals(10)
<linuxnet.iptables.matches.limitmatch.LimitMatch object at 0x7f4191c70208>
>>> m.to_iptables_args()
['-m', 'limit', '--limit', '1/sec', '--limit-burst', '10']
>>> m = LimitMatch()
>>> Rate = LimitMatch.Rate
>>> m.limit().equals(Rate(3, Rate.PER_MINUTE))
<linuxnet.iptables.matches.limitmatch.LimitMatch object at 0x7f4191c704e0>
>>> m.to_iptables_args()
['-m', 'limit', '--limit', '3/min']
class LimitMatch[source]

Match against a rate limit with a maximum burst

class Rate(rate: int, interval: Optional[str] = None)

Used to express rates

Parameters:

  • rate – (integer) rate value

  • interval – optional (string) time interval (defaults to PER_SEC)

Possible interval values are:

PER_DAY = 'day'

day interval

PER_HOUR = 'hour'

hour interval

PER_MIN = 'min'

minute interval

PER_MINUTE = 'minute'

minute interval (normalized to ‘min’)

PER_SEC = 'sec'

second interval

PER_SECOND = 'second'

second interval (normalized to ‘sec’)

get_interval() str

Returns the rate interval

get_rate() int

Returns the rate value

classmethod str2rate(spec: str) Rate

Convert the spec string into a Rate object. The expected format is: num/interval (e.g. 10/min).

Raises a ValueError if spec cannot be parsed.

static get_match_name() str[source]

Returns the iptables(8) match extension name

get_criteria() Iterable[Criterion][source]

Returns the limit match criteria: rate-limit, burst Note that the burst criterion will be None if the rate-limit criterion has not been set.

limit() RateLimitCriterion[source]

Compare with the rate limit

burst() BurstCriterion[source]

Compare with the burst limit

RateLimitCriterion

class RateLimitCriterion(match: Match)[source]

Compare with a rate limit

The comparison value is a LimitMatch.Rate object

get_value() Rate[source]

Returns the value that the criterion is comparing against

equals(rate: Rate) Match[source]

Compare with the specified rate (a LimitMatch.Rate object)

not_equals(*args, **kwargs)[source]

This Criterion method is not supported because the limit match does not support ‘!’

any() Match

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) Match

Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

is_positive() bool

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() bool

Returns True if the criterion has been set

BurstCriterion

class BurstCriterion(match: Match)[source]

Compare with the burst limit

The comparison value is an integer

not_equals(*args, **kwargs)[source]

This Criterion method is not supported because the limit match does not support ‘!’

any() Match

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) Match

Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value) Match

Compare with the specified value

get_iptables_option() str

Returns the iptables(8) option

get_value() Any

Returns the criterion value

is_positive() bool

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() bool

Returns True if the criterion has been set