How to write specific iptables rules using python-iptables

Problem description

I am trying to use python-iptables to write a script to set certain rules. I figured out how to set rules to allow all and deny all, but I need to figure out how to write a rule to allow established connections.

For example, I need to write the following rules using python-iptables:

iptables -A INPUT  -m state --state     RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

If anyone has firsthand knowledge or knows a good resource for writing the above or similar rules I would greatly appreciate it. Thanks in advance!

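This is the finished product. I plan to add more rule options that let the user allow connections such as http/s as needed. Thanks for all the help.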

import iptc

def dropAll():
    # Drop everything arriving on any eth* interface ("+" is a wildcard suffix)
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
    rule = iptc.Rule()
    rule.in_interface = "eth+"
    target = iptc.Target(rule, "DROP")
    rule.target = target
    chain.insert_rule(rule)

def allowLoopback():
    # Accept all traffic on the loopback interface
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
    rule = iptc.Rule()
    rule.in_interface = "lo"
    target = iptc.Target(rule, "ACCEPT")
    rule.target = target
    chain.insert_rule(rule)

def allowEstablished():
    # Accept packets that belong to, or are related to, an existing connection
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
    rule = iptc.Rule()
    match = rule.create_match('state')
    match.state = "RELATED,ESTABLISHED"
    rule.target = iptc.Target(rule, 'ACCEPT')
    chain.insert_rule(rule)

dropAll()
allowLoopback()
allowEstablished()
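
An added example (not part of the original post): a small first-match model, fed constructed `iptables -S` style listings, that shows why the script above depends on `insert_rule()` placing each new rule at the top of the chain, and what the same three calls would produce with `append_rule()`. It assumes the INPUT chain starts empty with policy ACCEPT, and it understands only the `-i`, `--state`/`--ctstate` and `-j` options used on this page.

```python
import shlex

def parse_rules(listing, chain="INPUT"):
    """Parse `iptables -S` lines into rule dicts (only -i, --state/--ctstate, -j)."""
    rules = []
    for line in listing.strip().splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue  # skip -P policy lines and other chains
        rule = {"iface": None, "states": None, "target": None}
        for opt, val in zip(tok, tok[1:]):
            if opt == "-i":
                rule["iface"] = val
            elif opt in ("--state", "--ctstate"):
                rule["states"] = set(val.split(","))
            elif opt == "-j":
                rule["target"] = val
        rules.append(rule)
    return rules

def iface_matches(pattern, iface):
    # A trailing '+' matches any interface name that starts with the prefix.
    if pattern and pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern is None or pattern == iface

def verdict(listing, iface, state, policy="ACCEPT"):
    """First matching rule decides; if none matches, the chain policy applies."""
    for r in parse_rules(listing):
        if iface_matches(r["iface"], iface) and (r["states"] is None or state in r["states"]):
            return r["target"]
    return policy

# Constructed listing: order left by the script, each insert_rule() going on top.
AS_INSERTED = """
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j DROP
"""
# Constructed listing: the same calls in the same order using append_rule().
AS_APPENDED = """
-A INPUT -i eth+ -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

if __name__ == "__main__":
    for name, listing in (("inserted", AS_INSERTED), ("appended", AS_APPENDED)):
        print(name, verdict(listing, "eth0", "ESTABLISHED"), verdict(listing, "eth0", "NEW"))
```

With the appended order the DROP rule shadows the state rule, so replies to outbound connections on `eth0` are dropped. In both orders, traffic on interfaces that do not match `eth+` falls through to the chain policy.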

Recommended answer

I've not tried to use python-iptables, but it looks like you need something like:

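import iptc

# Build a rule that matches RELATED/ESTABLISHED connections and accepts them
rule = iptc.Rule()
match = rule.create_match('state')
match.state = 'RELATED,ESTABLISHED'
# The target is set on the rule (not the match) and takes the rule as its first argument
rule.target = iptc.Target(rule, 'ACCEPT')

chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
chain.insert_rule(rule)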

And so on.
