File: usage.rst

package info (click to toggle)
python-iptables 1.0.1-4
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 564 kB
  • sloc: python: 3,098; makefile: 103; ansic: 77
file content (97 lines) | stat: -rw-r--r-- 2,304 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
Usage
=====

The python API in ``python-iptables`` tries to mimic the logic of iptables.
You have

    * **Tables**, **Table.FILTER**, **Table.NAT**, **Table.MANGLE** and
      **Table.RAW** for IPv4; **Table6.FILTER**, **Table6.SECURITY**,
      **Table6.MANGLE** and **Table6.RAW** for IPv6.  They can be used to
      filter packets, do network address translation or modify packets in
      various ways.

    * **Chains** inside tables.  Each table has a few built-in chains, but you
      can also create your own chains and jump into them from other chains.
      When you create your chains you should also specify which table it will
      be used in. **Chains** have **Policies**, which tell what to do when the
      end of a chain is reached.

    * Each chain has zero or more **rules**.  A rule specifies what kind of
      packets to match (matches, each rule can have zero, one or more matches)
      and what to do with them (target, each rule has one of them).  Iptables
      implements a plethora of match and target extensions. For IPv4, the
      class implementing this is called *Rule*, for IPv6 it is called *Rule6*.

    * **Matches**, specifying when a rule needs to be applied to a packet.  To
      create a match object you also has to specify the rule to which it
      belongs.

    * **Targets**, specifying what to do when a rule is applied to a packet.
      To create a target object you also has to specify the rule to which it
      belongs.

The python API is quite high-level and hides the low-level details from the
user.  Using only the classes *Table*, *Chain*, *Rule*, *Match* and *Target*
virtually anything can be achieved that you can do with iptables from the
command line.

.. currentmodule:: iptc

Table
-----

.. autoclass:: Table
   :members:

Table6
------

.. autoclass:: Table6
   :members:
   :inherited-members:

Chain
-----

.. autoclass:: Chain
   :members:

Policy
------

.. autoclass:: Policy
   :members:

Match
-----

.. autoclass:: Match
   :members:
   :inherited-members:

Target
------

.. autoclass:: Target
   :members:
   :inherited-members:

Rule
----

.. autoclass:: Rule
   :members:
   :inherited-members:

Rule6
-----

.. autoclass:: Rule6
   :members:
   :inherited-members:

IPTCError
---------

.. autoexception:: IPTCError