ConnmarkTarget

class ConnmarkTarget(*, mark: Optional[int] = None, restore_mark=False, save_mark=False, nfmask: Optional[int] = None, ctmask: Optional[int] = None)[source]

This class provides access to the CONNMARK target

Parameters:

  • mark – value used to set the ctmark value (associated with a connection)

  • restore_mark – if True, copy the connection mark to the packet mark

  • save_mark – if True, copy the packet mark to the connection mark

  • nfmask – applies to the save/restore operation (see iptables(8)); defaults to 0xffffffff if not present

  • ctmask – applies to the save/restore operation (see iptables(8)); defaults to 0xffffffff if not present

is_restoring_mark() bool[source]

Returns True if this target object is set to restore the mark, i.e. copy the connection mark to the packet mark

is_saving_mark() bool[source]

Returns True if this target object is set to save the mark, i.e. copy the packet mark to the connection mark

restore_mark(*, nfmask: Optional[int] = None, ctmask: Optional[int] = None) None[source]

Sets this target object to restore the mark.

Parameters:

  • nfmask – defaults to 0xffffffff if not present

  • ctmask – defaults to 0xffffffff if not present

save_mark(*, nfmask: Optional[int] = None, ctmask: Optional[int] = None) None[source]

Sets this target object to save the mark.

Parameters:

  • nfmask – defaults to 0xffffffff if not present

  • ctmask – defaults to 0xffffffff if not present

get_nfmask() int[source]

Returns the nfmask

and_mark(mask: int) Target

Clear the bits identified by mask

get_ctmask() int[source]

Returns the ctmask

get_mark() Optional[int]

Returns the mark value set by this target

get_mask() Optional[int]

Returns the mask used by this target

get_op() Optional[int]

Returns the operation

Return type:

an integer with one of the following values: SET, XSET, AND, OR, XOR, or None

get_target_name() str

Returns the target name

is_terminating() bool

Returns True if this is a terminating target

or_mark(mask: int) Target

Set the bits identified by mask

set_mark(value: int, mask: Optional[int] = None) Target

Perform the operation:

mark = (mark AND NOT(mask)) OR value

If mask is not present, the operation becomes mark = value.

set_xmark(value: int, mask: Optional[int] = None) Target

Perform the operation:

mark = (mark AND NOT(mask)) XOR value

If mask is not present, the operation becomes mark = value.

xor_mark(mask: int) Target

Xor the bits identified by mask

to_iptables_args() List[str][source]

Returns a list of iptables(8) arguments