如何使用pythoniptables编写特定的iptables规则

import iptc def dropAll(): chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT") rule = iptc.Rule() rule.in_interface = "eth+" target = iptc.Target(rule, "DROP") rule.target = target chain.insert_rule(rule) def allowLoopback(): chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT") rule = iptc.Rule() rule.in_interface = "lo" target = iptc.Target(rule, "ACCEPT") rule.target = target chain.insert_rule(rule) def allowEstablished(): chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT') rule = iptc.Rule() match = rule.create_match('state') match.state = "RELATED,ESTABLISHED" rule.target = iptc.Target(rule, 'ACCEPT') chain.insert_rule(rule) dropAll() allowLoopback() allowEstablished()

3条回答

网友

1楼 · 编辑于 2024-05-22 00:33:27

我知道这个老的，但我终于有一个工作脚本，希望有人会发现它有用。

import iptc

class pop_table:
    def __init__(self, table_name):
        self.table = iptc.Table(table_name)
        self.chains = dict()

        for i in self.table.chains:
            self.chains[i.name] = iptc.Chain(self.table, i.name)

        self.method = {'append': self.append,
                       'insert': self.insert}

    def append(self, chain, rule):
        tmp = self.chains[chain]
        tmp.append_rule(rule)

    def insert(self, chain, rule):
        tmp = self.chains[chain]
        tmp.insert_rule(rule)


class make_rule(iptc.Rule):
    def __init__(self):
        iptc.Rule.__init__(self)

        self.method={'block': self.block,
                     'snat': self.snat,
                     'allow': self.allow,
                     'i_iface': self.i_iface,
                     'o_iface': self.o_iface,
                     'source': self.source,
                     'destination': self.destination}

    def block(self):
        t = iptc.Target(self, 'REJECT')
        self.target = t

    def snat(self, snat_ip):
        t = iptc.Target(self, 'SNAT')
        t.to_source = snat_ip
        self.target = t

    def allow(self):
        t = iptc.Target(self, 'ACCEPT')
        self.target = t

    def i_iface(self, iface):
        self.in_interface = iface

    def o_iface(self, iface):
        self.out_interface = iface

    def source(self, netaddr):
        self.src = netaddr

    def destination(self, netaddr):
        self.dst = netaddr

class phyawall:
    def __init__(self):
        self.list = []

    def add_rule(self, rule_dict):
        tbl = pop_table(rule_dict['tblchn']['table'])
        chn = rule_dict['tblchn']['chain']
        act = tbl.method[rule_dict['tblchn']['action']]
        tmp = make_rule()

        for i in rule_dict['rule']:
            tmp.method[i](rule_dict['rule'][i])
        act(chn, tmp)

#
#
# Testing :: below will go into main app
#

phyrule = dict()
phyrule['tblchn'] = dict()
phyrule['tblchn']['table'] = 'nat'
phyrule['tblchn']['chain'] = 'POSTROUTING'
phyrule['tblchn']['action'] = 'append'
phyrule['rule'] = dict()
phyrule['rule']['o_iface'] = 'ens3'
phyrule['rule']['snat'] = '10.1.2.250'
phyrule['rule']['source'] = '6.9.6.9'
phyrule['rule']['destination'] = '9.6.9.6'


a = phyawall()
a.add_rule(phyrule)

网友

2楼 · 编辑于 2024-05-22 00:33:27

我没有尝试过使用python iptables，但看起来您需要这样的东西：

rule = iptc.Rule()
match = rule.create_match('state')
match.state = 'RELATED,ESTABLISHED'
match.target = iptc.Target('ACCEPT')

chain = iptc.Chain(iptc.Table.(iptc.Table.FILTER), "INPUT")
chain.insert_rule(rule)

等等。

网友

3楼 · 编辑于 2024-05-22 00:33:27

试试这个

 import subprocess

p = subprocess.Popen(["iptables", "-A", "INPUT", "-p", "tcp", "-m", "tcp", "--dport", "22" , "-j", "ACCEPT"], stdout=subprocess.PIPE)
        output , err = p.communicate()
        print output

相关问题更多 >

编程相关推荐

热门问题

热门文章