OwnerMatch¶

Example:

>>> from linuxnet.iptables import OwnerMatch
>>> m = OwnerMatch()
>>> m.uid().equals(10).gid().not_equals(100, 200).socket_exists()
<linuxnet.iptables.matches.ownermatch.OwnerMatch object at 0x7f6adcd98240>
>>> m.to_iptables_args()
['-m', 'owner', '--uid-owner', '10', '!', '--gid-owner', '100-200']
>>> mm = OwnerMatch()
>>> mm.socket_exists().equals()
<linuxnet.iptables.matches.ownermatch.OwnerMatch object at 0x7f6adbe862b0>
>>> mm.to_iptables_args()
['-m', 'owner', '--socket-exists']

class OwnerMatch[source]¶

Match against userid, groupid, or socket existence.

Only numeric userid, groupid values are supported.

static get_match_name() → str[source]¶: Returns the iptables(8) match extension name

get_criteria() → Iterable[Criterion][source]¶: Returns the owner match criteria: uid, gid, socket-exists

uid() → UidCriterion[source]¶: Compare with the UID

gid() → GidCriterion[source]¶: Compare with the GID

socket_exists() → SocketExistsCriterion[source]¶: Match if there is a socket for this packet

suppl_groups() → SupplGroupsCriterion[source]¶: Consider supplementary groups for gid match

UidCriterion¶

class UidCriterion(match: Match)[source]¶

Compare with a uid, or uid range

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(first: int, last: Optional[int] = None) → Match¶: Compare with a number (or inclusion in number-range if last is present)

get_value() → Tuple[int, Optional[int]]¶

Returns the value that the criterion is comparing against

Return type:: a tuple of (int, int|None)

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

GidCriterion¶

class GidCriterion(match: Match)[source]¶

Compare with a gid, or gid range

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(first: int, last: Optional[int] = None) → Match¶: Compare with a number (or inclusion in number-range if last is present)

get_value() → Tuple[int, Optional[int]]¶

Returns the value that the criterion is comparing against

Return type:: a tuple of (int, int|None)

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

SocketExistsCriterion¶

class SocketExistsCriterion(match: Match)[source]¶

Perform a socket existence test

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

bit_not_set() → Match¶: Check if the bit is set

bit_set() → Match¶: Check if the bit is set

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals() → Match¶: Compare with the setting of the bit

get_value() → bool¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals() → Match¶: Express a test against the criterion being False

SupplGroupsCriterion¶

class SupplGroupsCriterion(match: Match)[source]¶

Consider supplementary groups for GID match

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

bit_not_set() → Match¶: Check if the bit is set

bit_set() → Match¶: Check if the bit is set

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals() → Match¶: Compare with the setting of the bit

get_value() → bool¶: Returns the criterion value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals() → Match¶: Express a test against the criterion being False

OwnerMatch¶

UidCriterion¶

GidCriterion¶

SocketExistsCriterion¶

SupplGroupsCriterion¶

linuxnet-iptables

Navigation

Related Topics