SetMatch¶

Example:

>>> from linuxnet.iptables import SetMatch
>>> m = SetMatch()
>>> m.match_set().equals('foo', 'src,dst')
<linuxnet.iptables.matches.setmatch.SetMatch object at 0x7f886d7cf9a0>
>>> m.to_iptables_args()
['-m', 'set', '--match-set', 'foo', 'src,dst']

class SetMatch[source]¶

Match against IP sets defined via ipset(8)

static get_match_name()[source]¶: Returns the iptables(8) match extension name

get_criteria() → Iterable[Criterion][source]¶: Returns the set match criteria.

match_set() → MatchSetCriterion[source]¶: Returns the criterion to identify the IPset and flags

return_nomatch() → BooleanCriterion[source]¶: Specify the --return-nomatch option.

update_counters() → BooleanCriterion[source]¶: Specify update of packet/byte counters

update_subcounters() → BooleanCriterion[source]¶: Specify update of packet/byte counters of the matching element in the member set of a list type

packet_counter() → PacketCounterCriterion[source]¶: Returns the criterion comparing against the set’s packet counter

byte_counter() → ByteCounterCriterion[source]¶: Returns the criterion comparing against the set’s byte counter

MatchSetCriterion¶

class MatchSetCriterion(match: Match)[source]¶

Match against a set defined by ipset(8)

get_value() → Tuple[str, str][source]¶

The value is the tuple (set-name, flags)

Return type:: tuple of (str, str)

equals(name: str, flags: str) → Match[source]¶

Check against the specified ipset name using the specified flags

Parameters:

name – ipset(8) name
flags – comma-separated list of src and/or dst specifications

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

PacketCounterCriterion¶

class PacketCounterCriterion(match: Match)[source]¶

A criterion for a packet counter value comparison used by SetMatch.

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value: int) → Match¶

Check if the counter is equal to value

Parameters:: value – the counter value

get_value() → Tuple[int, str]¶

Returns the value that the criterion is comparing against and the comparison operation (as a string)

Return type:: tuple of (int, str)

greater_than(value: int) → Match¶

Check if the counter is greater than value

Parameters:: value – the counter value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

less_than(value: int) → Match¶

Check if the counter is less than value

Parameters:: value – the counter value

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

ByteCounterCriterion¶

class ByteCounterCriterion(match: Match)[source]¶

A criterion for a byte counter value comparison used by SetMatch.

any() → Match¶

Match any value.

This method is used when creating a Criterion in order to search an existing chain for rules that try to match against certain packet properties (e.g. input interface) without being particular about the specific property value (e.g. eth0).

compare(is_equal: bool, *args, **kwargs) → Match¶: Alternative method used for comparisons. It invokes equals() (or not_equals()) with args and kwargs if is_equal is True (or False).

equals(value: int) → Match¶

Check if the counter is equal to value

Parameters:: value – the counter value

get_value() → Tuple[int, str]¶

Returns the value that the criterion is comparing against and the comparison operation (as a string)

Return type:: tuple of (int, str)

greater_than(value: int) → Match¶

Check if the counter is greater than value

Parameters:: value – the counter value

is_positive() → bool¶

Returns the ‘polarity’ of the criterion: True for equals() or False for not_equals()

Raises IptablesError if the criterion is not set

is_set() → bool¶: Returns True if the criterion has been set

less_than(value: int) → Match¶

Check if the counter is less than value

Parameters:: value – the counter value

not_equals(*args, **kwargs) → Match¶

Express inequality comparison against the argument values.

The arguments of this method are the same as those of the equals() method.

This method invokes the equals() method and then reverses the polarity.

Returns this Match object.

SetMatch¶

MatchSetCriterion¶

PacketCounterCriterion¶

ByteCounterCriterion¶

linuxnet-iptables

Navigation

Related Topics