conntrackt Changeset - f4bb5c3c3539

Changeset - f4bb5c3c3539

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Branko Majic (branko) - 11 years ago 2013-06-23 22:06:57
branko@majic.rs

Added two static iptables rule classes (for loopback and related connections). Updated documentation to reflect the addition. Fixed missing chain name in iptables rules.

3 files changed with 84 insertions and 1 deletions:

conntrackt/iptables.py

conntrackt/utils.py

docs/usage.rst

0 comments (0 inline, 0 general)

conntrackt/iptables.py

➞

Show inline comments

@@ @@ -64,6 +64,83 @@ class Rule(object): @@
         String representation of the rule.
         """
         return self.__unicode__()
 class LoopbackRule(object):
     """
     Static iptables rule that accepts all traffic on loopback interface.
     """
     def __init__(self):
         """
         Initialises the rule properties. Sets a static description.
         """
         self.description = "Accept all incoming traffic on loopback interface."
     def __unicode__(self):
         """
         Creates string representation of the rule. The format is:
         -i lo -j ACCEPT
         Returns:
         String representation of the rule.
         """
         return "-i lo -j ACCEPT"
     def __str__(self):
         """
         Creates string representation of the rule. Calls the __unicode__
         function.
         Returns:
         String representation of the rule.
         """
         return self.__unicode__()
 class RelatedRule(object):
     """
     Static iptables rule that accepts all related traffic.
     """
     def __init__(self):
         """
         Initialises the rule properties. Sets a static description.
         """
         self.description = "Accept all incoming related traffic."
     def __unicode__(self):
         """
         Creates string representation of the rule. The format is:
         -m state --state RELATED,ESTABLISHED -j ACCEPT
         Returns:
         String representation of the rule.
         """
         return "-m state --state RELATED,ESTABLISHED -j ACCEPT"
     def __str__(self):
         """
         Creates string representation of the rule. Calls the __unicode__
         function.
         Returns:
         String representation of the rule.
         """
         return self.__unicode__()
@@ @@ -141,7 +218,7 @@ class Chain(object): @@
                 if rule.description:
                     rendering += "# %s\n" % rule.description
                 previous_description = rule.description
             rendering += "%s\n" % rule
+            rendering += "-A %s %s\n" % (self.name, rule)
         rendering += "\n"
         return rendering

conntrackt/utils.py

➞

Show inline comments

@@ @@ -35,6 +35,9 @@ def generate_entity_iptables(entity): @@
     filter = iptables.Table("filter")
     input = iptables.Chain("INPUT", "DROP")
     input.add_rule(iptables.LoopbackRule())
     input.add_rule(iptables.RelatedRule())
     for communication in incoming:
         source = "%s/%s" % (communication.source.address, communication.source.netmask)
         destination = "%s/%s" % (communication.destination.address, communication.destination.netmask)

docs/usage.rst

➞

Show inline comments

@@ @@ -274,4 +274,7 @@ rules are generated with the following r @@
   explicitly defined communications in the iptables will be used to generate the
   *ACCEPT* rules. The matching is performed based on *source*, *protocol*, and
   destination *port*.
 * The *INPUT* chain will contain the following default rules as well::
     -A INPUT -i lo -j ACCEPT
     -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

0 comments (0 inline, 0 general)