Zc@sddlZddlZddlZddlZddlZddlZddlZddlZddl m Z m Z ddl m Z mZmZm Z mZmZmZmZddddd d d gZye d WnnXeed  reed dndZejdZejZejeje_ejZ ejej!e _ej"ge _#ej$Z%e&e%_ejej!ge%_#e edZ'dej(fdYZ)dej(fdYZ*dej(fdYZ+d e,fdYZ-e dd\Z.Z/de0fdYZ1de0fdYZ2de0fdYZ3de2fd YZ4d e2fd!YZ5d e0fd"YZ6d#Z7d$Z8de0fd%YZ9de0fd&YZ:d'Z;de0fd(YZ<dS()iNi(t find_libraryt load_kernel(t XT_INV_PROTOt NFPROTO_IPV4t XTablesErrortxtablestxt_alignt xt_counterstxt_entry_targettxt_entry_matchtTabletChaintRuletMatchtTargettPolicyt IPTCErrort ip_tablest IPPROTO_SCTPiis libc.so.6cCs*yt|tSWntk r%nXtS(N(R tTrueRtFalse(tname((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytis_table_available+s   tin_addrcBs eZdZdejfgZRS(s7This class is a representation of the C struct in_addr.ts_addr(t__name__t __module__t__doc__tcttc_uint32t_fields_(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR4stipt_ipc BseZdZdefdefdefdefdejefdejefdejefdejefd ejfd ejfd ejfg Z d Z d Z dZ d Z d ZdZdZdZdZeZdZdZRS(s6This class is a representation of the C struct ipt_ip.tsrctdsttsmsktdmsktinifacetoutifacet iniface_maskt outiface_masktprototflagstinvflagsiiiiiii icCsd|j_|j_dS(NI(R"RR#(tself((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt__init__Vs(RRRRRtc_chart _IFNAMSIZtc_uint16tc_uint8Rt IPT_F_FRAGt IPT_F_GOTOt IPT_F_MASKtIPT_INV_VIA_INtIPT_INV_VIA_OUTt IPT_INV_TOSt IPT_INV_SRCIPt IPT_INV_DSTIPt IPT_INV_FRAGRt IPT_INV_PROTOt IPT_INV_MASKR,(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR9s0      t ipt_entryc BsfeZdZdefdejfdejfdejfdejfdefdejdfgZ RS( s9This class is a representation of the C struct ipt_entry.tiptnfcachet target_offsett next_offsettcomefromtcounterstelemsi( RRRRRtc_uintR/Rtc_ubyteR(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR<[s      cBseZdZRS(sThis exception is raised when a low-level libiptc error occurs. It contains a short description about the error that occurred while executing an iptables operation. (RRR(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRfstip4tctiptccBseZdZejZejeje_ej ge_ ej Z de _ej ge _ ejZeje_ej ge_ ejZeje_ej ej ge_ ejZej e_ej ge_ ejZej e_ej ge_ ejZeje_ej ej ge_ ejZeje_ej ej ge_ ejZeje_ej ej ge_ ejZeje_ej ej ej ge_ ejZeje_ej ej ge_ ejZeje_ej ej ge_ ejZej e_ej ejeej ge_ ejZeje_ej ej ejeej ge_ ejZejee_ej ej ge_ ejZejee_ejeej ge_ ejZej e_ejeej ge_ ejZeje_ej ejeejej ge_ ej Z eje _ej ejeejej ge _ ej!Z!eje!_ej ejeej ge!_ ej"Z"eje"_ej ejeejej#ej ge"_ ej$Z$eje$_ej ej%ej ge$_ ej&Z&eje&_ej%ej ej ge&_ ej'Z'ejee'_ej ej%ej ge'_ ej(Z(eje(_ej ej%ej ge(_ ej)Z)eje)_ej ej%ejeej ge)_ ej*Z*ej e*_ejge*_ RS(s*This class contains all libiptc API calls.N(+RRRt_libiptct iptc_initRtPOINTERtc_inttrestypetc_char_ptargstypet iptc_freetNonetc_void_pt iptc_committ iptc_builtintiptc_first_chaintiptc_next_chaint iptc_is_chaintiptc_create_chaintiptc_delete_chaintiptc_rename_chaintiptc_flush_entriestiptc_zero_entriestiptc_get_policyRtiptc_set_policytiptc_first_ruleR<tiptc_next_ruletiptc_get_targettiptc_insert_entrytiptc_replace_entrytiptc_append_entrytiptc_delete_entryREtiptc_delete_num_entryRDtiptc_get_referencestiptc_read_countertiptc_zero_countertiptc_set_countert iptc_strerror(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRGqs                                                    t IPTCModulecBseZdZejdZdZddZdZ dZ dZ dZ dZ d Zd Zd Zd Zd ZdZdZdZdZdZeeZdZeeZdZdZeeeZRS(s Superclass for Match and Target.s>\s*(!)?\s*--([-\w]+)\s+(!)?\s*"?([^"]*?)"?(?=\s*(?:!?\s*--|$))cCsCd|_d|_d|_d|_d|_d|_tdS(N(RPt_namet_rulet_modulet _revisiont_ptrt_ptrptrtNotImplementedError(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR,s      cCs1|dkrd}n|j|jdd|S(s/ Set a parameter for target or match extension, with an optional value. @param parameter: name of the parameter to set @type parameter: C{str} @param value: optional value of the parameter, defaults to C{None} @type value: C{str} or a C{list} of C{str} tt_t-N(RPtparsetreplace(R+t parametertvalue((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt set_parameters  c Cs|j}tjd}t|dkrY|ddkrYtjd}|d}ng}t|t}y|st|t}nWnnX|r|jg}n9y#g|D]}|j^q}WntdnX|jj r|jj rt d|jj |fn|j }t|}tj|d}||ddS|d|_t|jdd|_t|jdd|_dS(NiRR(RRPRRt _alias_moduleRRR(R+Rt alias_module((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR4s    cCstjt}|jjj|jjjkr|jjjj|jjjjkr|jjjj|jjjjkr|j ||j !|j ||j !krt St S(N( RtsizeofR RRt match_sizeRRRt match_buftusersizeRR(R+Rtbasesz((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt__eq__?s$$cCsRt|jjjt|jjjjAt|jjjjAtt|jAS(N( thashRRRRRRtbytesR(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt__hash__Is>cCs|j| S(N(R(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt__ne__OscCs|jj|jdS(N(Rtfinal_check_matchRn(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRRsc CsJ|jj|||j|tj|jtjtj|j|j dS(N( Rt parse_matchRnRtcastRqRJRQRR(R+RRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRUscCst|jjtjtS(N(RRnRRRR (R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_sizeZscCs|jjtjtS(N(Rnt userspacesizeRRR (R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt_get_user_size_scCsztjtj|jtjt|_tjtj|jtjtjt|_|j|j _ |j dS(N( RRRRRJR RpRRqRntmt _update_name(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRes cCs)|jd}|jj|jj_dS(Ni(RpRR|RR(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRms cCstjtj|jd|j|j|jd}|j|j_|j |jj _ |j j r||j j |jnd|j _t|j dd}|dkrtj|}tjtj|tj|j _ndS(s\Reset the match. Parameters are set to their default values, any flags are cleared.it udata_sizeN(RtmemsetRRRRRpRRRoRRRntinitRRRERRQtudata(R+RRt udata_buf((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRqs"     cCs)tjtj|jtjtdS(Ni(RRRRRJR (R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_matchscCs|jS(N(R(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt_get_match_bufsN(RRRRPR,RRRRRRRRRRRRRRRRRR(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR s(0               cBseZdZdddddZdZdZdZdZdZ dZ dZ d Z e e Zd Ze eZd Zd Ze eeZd ZdZdZdZe eZdZe eZRS(sTargets specify what to do with a packet when a match is found while traversing the list of rule entries in a chain. Target and match extensions in iptables have parameters. These parameters are implemented as instance attributes in python. However, to make the names of parameters legal attribute names they have to be converted. The rule is to cut the leading double dash from the name, and replace dashes in parameter names with underscores so they are accepted by python as attribute names. E.g. the *TOS* target has parameters *--set-tos*, *--and-tos*, *--or-tos* and *--xor-tos*; they become *target.set_tos*, *target.and_tos*, *target.or_tos* and *target.xor_tos*, respectively. The value of a parameter is always a string, if a parameter does not take any value in the iptables extension, an empty string i.e. "" should be used. c Cs|d kr'|d kr'tdn|d krK|jjjj}n||_||_d |_d |_ |j }gt |D]}|j dr|^q}t |dkrtdnt||d} |d k s|d krt|j| @|_n|d k rct|ts/t||_|rP|j| O_qc|j| M_nt|j|_|jr|jjdp|jj|} | rt| ddd pd } | r#| j|_t| ddd |_t| ddd |_ |jj| } n| s<td |n| d|_d|j_|d k rm||_n|jj|_|j||jr||_ n|r|j!nd S( s *rule* is the Rule object this match belongs to; it can be changed later via *set_rule()*. *name* is the name of the iptables target extension (in upper case), *target* is the raw buffer of the target structure if the caller has it. Either *name* or *target* must be provided. *revision* is the revision number of the extension that should be used; different revisions use different structures in C and they usually only work with certain kernel versions. Python-iptables by default will use the latest revision available. If goto is True, then it converts '-j' to '-g'. s$can't create target based on nothingt_F_GOTOisBWhat kind of struct is this? It does not have "*_F_GOTO" constant!RsRRRscan't find target %sN("RPRRRRRRlRmRRRRtendswithR}t RuntimeErrorRtboolR)t_gotoR~tAssertionErrorRRRt_is_standard_targett find_targetRRnttflagsRoRt_create_buffertstandard_targetR( R+RRttargetRtgototipstructtat f_goto_attrsRRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR,sV       .   "       cCs|j}|dkrdS|jj|}|dkr>dS|d|_t|jdd|_t|jdd|_dS(NiRR(RRPRRRRRR(R+RR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs    cCsGtjt}|jjj|jjjksu|jjjj|jjjjksu|jjjj|jjjjkryt S|jjjjdks|jjjjdks|jjjjdks|jjjjdks|jjjjdks|jjjjdks|j rt S|j ||j !|j ||j !krCt St S(NRststandardtACCEPTtDROPtRETURNtERROR(RRRR Rt target_sizeRRRRRRt _target_bufR(R+ttargR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs"$$ cCs|j| S(N(R(R+R ((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRscCsdt|j|_|jj|_|rVtj|jtj||j|jn |j dS(N( RRt_bufferRRRRRRR(R+R ((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR s " cCs1x*|jjD]}|j|jr tSq WtS(N(Rmttablestis_chainRlRR(R+tt((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRscCs|jj|jdS(N(Rtfinal_check_targetRn(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRsc Cs|jj|||j|tj|jtjtj|j|j tj|jj tjtj |_ |j j|j kr|j |j _n|jdS(N(Rt parse_targetRnRRRqRJRQRRRRERRRR(R+RRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs'cCst|jjtjtS(N(RRnRRRR(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR!scCs|jjtjtS(N(RnRRRR(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR&scCs |jd}|jjjjS(Ni(RpRRRR(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt_get_standard_target,s cCse|jd}t|tr+|j}n||jj_t|trX|j}n||_ dS(Ni( RpR~RR|RRRRRRl(R+RR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt_set_standard_target0s cCsqtj|jtjt|_tjtj|jtjtjt|_|j|j_ |j dS(N( RRRRJRRpRRqRnRR(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR=s !cCs)|jd}|jj|jj_dS(Ni(RpRR|RR(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRDs cCstj|jd|j|j|jd}|j|j_|j|jj _ |j j rs|j j |jnd|j _ t|j dd}|dkrtj|}tjtj|tj|j _ndS(s]Reset the target. Parameters are set to their default values, any flags are cleared.iRN(RRRRRRpRRRoRRRnRRRRERRRQR(R+RRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRHs     cCs |jdS(Ni(Rp(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_targetXscCs|jS(N(R(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_goto]sN(RRRRPR,RRRR RRRRRRRRRRR RRRR R R!R (((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs.H                cBsDeZdZdZdZdZdZejZ dZ dZ RS(s If the end of a built-in chain is reached or a rule in a built-in chain with target RETURN is matched, the target specified by the chain policy determines the fate of the packet. RRtQUEUERcCs>tjj|d}|s:tj|}|tj|d2Z?d3Z@e"e?e@ZAd4ZBd5ZCd6ZDd7ZEd8ZFd9ZGe"eFeGZHd:ZIe"eIZJRS(<sHRules are entries in chains. Each rule has three parts: * An entry with protocol family attributes like source and destination address, transport protocol, etc. If the packet does not match the attributes set here, then processing continues with the next rule or the chain policy is applied at the end of the chain. * Any number of matches. They are optional, and make it possible to match for further packet attributes. * One target. This determines what happens with the packet if it is matched. tallitahtdstoptstegptesptfragmenttgrethopoptsticmpticmpv6tidptigmpR=tipiptipv6tnonetpimtpuptrawtroutingtrsvptsctpttcpttptudpcCs1t|_g|_d|_||_||_dS(s *entry* is the ipt_entry buffer or None if the caller does not have it. *chain* is the chain object this rule belongs to. N(RRt_matchesRPt_targettchainR(R+RRL((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR,s     cCs|j|jkrtSt|jt|jkr8tSt|jtg|jD]}||jkrQ|^qQkr|tS|j|jkr|j|jkr|j|jkr|j|jkr|j |j kr|j |j krt StS(N( RKRR}RJtsetR R!tprotocolR7t in_interfacet out_interfaceR(R+RR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs"$cCs|j| S(N(R(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRscCs,gtjD]}t|r t|^q S(N(R tALLR(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_tablesscCs;|jr|jjnx|jD]}|jq#WdS(s/Do a final check on the target and the matches.N(R Rtmatches(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs cCs)t|d|d|}|j||S(sCreate a *match*, and add it to the list of matches in this rule. *name* is the name of the match extension, *revision* is the revision to use.RR(R t add_match(R+RRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt create_matchs cCs+t|d|d|d|}||_|S(sCreate a new *target*, and set it as this rule's target. *name* is the name of the target extension, *revision* is the revision to use. *goto* determines if target uses '-j' (default) or '-g'.RRR (RR (R+RRR R ((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt create_targets cCs||_|jj|dS(s=Adds a match to the rule. One can add any number of matches.N(RRJR(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRTs cCs|jj|dS(s)Removes *match* from the list of matches.N(RJtremove(R+R((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt remove_matchscCs |jjS(N(RR=(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRscCs|jS(N(RJ(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_matchesscCs|jS(N(RK(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR scCs||_||_dS(N(RRK(R+R ((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _set_targets cCsd}|jjjtj@r4dj|dg}nt|jjj}ytj tj |}Wn tj k rt dnXdj||dg}t|jjj }ytj tj |}Wn tj k rt dnXdj||g}|S(NRsR{s(error in internal state: invalid addresst/s(error in internal state: invalid netmask(RR=R*RR7tjoinR1R tsockett inet_ntoptAF_INETterrorRR"(R+R tpaddrR-tnetmask((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytget_srcs c Cs|ddkr5|jjjtjO_|d}n |jjjtjtj@M_|jd}|dkr|}d}n|| }||d}yttj tj |}Wn$tj k rt d|nXt }tj||_||jj_|js\yttj tj |}Wqtj k rXt d|qXnVt|}|d ks|dkrt d|ntjd |dd |>}t } tj|| _| |jj_dS( NiR{iR[is255.255.255.255sinvalid address %ssinvalid netmask %si i(RR=R*RR7R;tfindR.R]t inet_ptonR_R`RRRRRR tisdigitR0thtonlR"( R+R tslashR-tnetmtsaddrtinatnmasktimasktneta((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytset_srcs<         cCsd}|jjjtj@r4dj|dg}nt|jjj}ytj tj |}Wn tj k rt dnXdj||dg}t|jjj }ytj tj |}Wn tj k rt dnXdj||g}|S(NRsR{s(error in internal state: invalid addressR[s(error in internal state: invalid netmask(RR=R*RR8R\R1R!R]R^R_R`RR#(R+R!RaR-Rb((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytget_dstBs c Cs|ddkr5|jjjtjO_|d}n |jjjtjtj@M_|jd}|dkr|}d}n|| }||d}yttj tj |}Wn$tj k rt d|nXt }tj||_||jj_|js\yttj tj |}Wqtj k rXt d|qXnVt|}|d ks|dkrt d|ntjd |dd |>}t } tj|| _| |jj_dS( NiR{iR[is255.255.255.255sinvalid address %ssinvalid netmask %si i(RR=R*RR8R;RdR.R]ReR_R`RRRRRR!RfR0RgR#( R+R!RhR-RitdaddrRkRlRmRn((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytset_dstTs<         cCsd}|jjjtj@r%d}n|jjjj}|jjj}t|dkr_dS||7}t|t|kr|d7}n|t }|S(NRsR{it+( RR=R*RR4R$RR&R}RPR.(R+tintftifacetmask((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytget_in_interface~s    cCs|ddkr5|jjjtjO_|d}n |jjjtjtj@M_t|tkrztd|nt|d}|t|ddkr|d }|d8}ndj |j d tt|g|jj_ dj d |d t|g|jj_ dS( NiR{isinterface name %s too longRsiiRsss( RR=R*RR4R;R}R.RR\R|R$R&(R+Rttmasklen((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytset_in_interfaces     # cCsd}|jjjtj@r%d}n|jjjj}|jjj}t|dkr_dS||7}t|t|kr|d7}n|t }|S(NRsR{iRs( RR=R*RR5R%RR'R}RPR.(R+RtRuRv((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytget_out_interfaces    cCs|ddkr5|jjjtjO_|d}n |jjjtjtj@M_t|tkrztd|nt|d}|t|ddkr|d }|d8}ndj |j d tt|g|jj_ dj d |d t|g|jj_ dS( NiR{isinterface name %s too longRsiiRsss( RR=R*RR5R;R}R.RR\R|R%R'(R+RtRx((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytset_out_interfaces     # cCs@t|jjjtj@}|jjjtj@r<| }n|S(N(RRR=R)RR1R*R9(R+tfrag((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt get_fragments cCs^|jjjtjtj@M_|rA|jjjtjO_n|jjjtjM_dS(N(RR=R*RR9R;R)R1(R+R|((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt set_fragments cCse|jjjtj@rd}nd}dj||jj|jjjt |jjjg}|S(NR{Rs( RR=R*RR:R\t protocolsR$R(R(R+R(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt get_protocols  <cCst|}|ddkrA|jjjtjO_|d}n |jjjtjtj@M_|jrt||jj_ dSxD|j j D]3}|j |dkr|d|jj_ dSqWt d|dS(NiR{isinvalid protocol %s(RRR=R*RR:R;RfR0R(RRtlowerR(R+R(tp((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt set_protocols    cCs|jj}|j|jfS(sUThis method returns a tuple pair of the packet and byte counters of the rule.(RRBtpcnttbcnt(R+RB((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt get_counterss cCsttjtS(N(RRRR<(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _entry_sizescCstS(N(R<(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _entry_type scCstS(N(R<(R+((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _new_entry sc Cs|j s!|j s!|jj r%dS|j}d}x$|jD]}|t|j7}qAWt|jj}|||j_||||j_ t j |||}t j t j |jt jt j }|| ||*d}xJ|jD]?}t|j}|j| ||||||+||7}qWt j t j |jjt jt j }|| ||||||+|S(Ni(RRKR RPRRJRRR?R@RRERRRJR( R+tentrysztmatchszRttargetszRtptrtoffsettsz((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs(! * -c Cs|s|j|_dStjtj|tj|jd|_t||js~td||jfn|j }|j |}|rd}xt|||j krtjtj |j |tjt d}t|d|}|j|||j7}qWntjtj ||j tjtd}t|d||_|jjj|}|r||j_ndS(Nis!Invalid rule type %s; expected %sRR (RRRRRRJRR~RRR?RRCR R RTRRRR RLRt get_targetRKR ( R+RRRtoffRRR tjump((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR0s0   cCs |js dS|j}|jj|}|jj|jj}tj|||}d}x%t|||D]}d||}x(t|||j D]}d||>> table = iptc.Table(iptc.Table.FILTER) The interface provided by *Table* is rather low-level, in fact it maps to *libiptc* API calls one by one, and take low-level iptables structs as parameters. It is encouraged to, when possible, use Chain, Rule, Match and Target to achieve what is wanted instead, since they hide the low-level details from the user. tfiltertmangleRCtnattsecuritycCs{tjj|d}|s_tj|}|dkr?t}n|j|||tj||jj|j}|dkr:td|jndS(sCommit any pending operation.iscan't commit: %sN(RRRRRtstrerror(R+trv((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pytcommit;s cCs|jdkrtdnzCy|jr:|jnWn"tk r_}|s`|q`nXWd|jj|jd|_XdS(Nstable is not initialized(RRPRRRRRO(R+t ignore_excR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRAs cCsf|jr|jn|jj|jj}|sYtd|j|jfn||_dS(s@Commit any pending operation and refresh the status of iptables.scan't initialize %s: %sN(RRRRIRR|RR(R+thandle((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRNs   cCsEt|tr|j}n|jj|j|jr=tStSdS(s,Returns *True* if *chain* exists as a chain.N( R~R RRRVR|RRR(R+RL((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRYs  cCsEt|tr|j}n|jj|j|jr=tStSdS(s.Returns *True* if *chain* is a built-in chain.N( R~R RRRSR|RRR(R+RL((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRbs  cCs-td}|dkrdS|jj|S(s?Returns any pending iptables error from the previous operation.islibiptc version error(t_get_errno_locRRj(R+terrno((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRks  cCsqt|tr|j}n|jj|j|j}|dkrdtd||jfnt||S(sCreate a new chain *chain*.iscan't create chain %s: %s( R~R RRRWR|RRR(R+RLR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt create_chainrs   cCsht|tr|j}n|jj|j|j}|dkrdtd||jfndS(s$Delete chain *chain* from the table.iscan't delete chain %s: %sN( R~R RRRXR|RRR(R+RLR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR}s    cCsqt|tr|j}n|jj|j|j|j}|dkrmtd||jfndS(s#Rename chain *chain* to *new_name*.iscan't rename chain %s: %sN( R~R RRRYR|RRR(R+RLRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs    cCsht|tr|j}n|jj|j|j}|dkrdtd||jfndS(sFlush all rules from *chain*.iscan't flush chain %s: %sN( R~R RRRZR|RRR(R+RLR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs    cCsht|tr|j}n|jj|j|j}|dkrdtd||jfndS(s-Zero the packet and byte counters of *chain*.is can't zero chain %s counters: %sN( R~R RRR[R|RRR(R+RLR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs   cCst|tr|j}nt|tr6|j}n|rqt}|d|_|d|_tj|}nd}|j j |j |j ||j }|dkrtd|||jfndS(siSet the policy of *chain* to *policy*, and also update chain counters if *counters* is specified.iis#can't set policy %s on chain %s: %sN(R~R RRRRRRRRPRR]R|RRR(R+RLRRBtcntrsR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs      cCst|tr|j}n|j|s.dSt}|jj|jt j ||j j }|st d||jfnt||j|jffS(s*Returns the policy of *chain* as a string.s can't get policy on chain %s: %sN(NN(R~R RRRPRRR\R|RRRRRRRRR(R+RLRtpol((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs  cCs_|jj|jtj|tj|j}|dkr[td||jfndS(s Appends rule *entry* to *chain*.is"can't append entry to chain %s: %sN( RRcR|RRRQRRR(R+RLRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs   cCsb|jj|jtj|tj||j}|dkr^td||jfndS(s9Inserts rule *entry* into *chain* at position *position*.is$can't insert entry into chain %s: %sN( RRaR|RRRQRRR(R+RLRRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs  cCsb|jj|jtj|tj||j}|dkr^td||jfndS(sAReplace existing rule in *chain* at *position* with given *rule*.is#can't replace entry in chain %s: %sN( RRbR|RRRQRRR(R+RLRRR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs  cCsb|jj|jtj|tj||j}|dkr^td||jfndS(s.Removes rule *entry* with *mask* from *chain*.is$can't delete entry from chain %s: %sN( RRdR|RRRQRRR(R+RLRRvR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs  cCs4|jj|j|j}|r,|dS|SdS(s;Returns the first rule in *chain* or *None* if it is empty.iN(RR^R|R(R+RLR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRscCs7|jjtj||j}|r/|dS|SdS(s(Returns the next rule after *prev_rule*.iN(RR_RRR(R+t prev_ruleR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs!cCs%|jjtj||j}|S(s'Returns the standard target in *entry*.(RR`RRR(R+RR((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs!cCscg}|jj|j}xA|r^|j}|jt|||jj|j}qW|S(N(RRTRRRR RU(R+tchainsRL((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyt _get_chainss  cCsUx|jD]}|jq Wx0|jD]%}|j|s(|j|q(q(WdS(s2Flush and delete all non-builtin chains the table.N(RRRR(R+RL((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRs cCs t||S(N(R (R+RRL((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyRsN(+RRRtFILTERtMANGLEtRAWtNATtSECURITYRQtdictR#RPR%RRRRRRRRRRRRRRRRRRRRRRRRRRRRRR(((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyR sJ                  (=RRRRtctypesRR]R+R(tutilRRRRRRRRRR t__all__thasattrtsetattrR.tCDLLt_libct__errno_locationRRJRKRLtmallocRREtc_size_ttargtypestfreeRRPRt StructureRRR<RRRHRtRRGRkRR RRR.R1R R RR (((s3/home/vilmos/Projects/python-iptables/iptc/ip4tc.pyts\        :      "   {