Generated gh-pages for commit a66d959

Merge: 9b4393d 5b37e04 Author: ldx <v.nebehaj@gmail.com> Merge pull request #80 from bchatelard/master
ldx · Jul 24, 2014 · 8a20ddf · 8a20ddf
1 parent e70696d
commit 8a20ddf
Show file tree

Hide file tree

Showing 40 changed files with 925 additions and 295 deletions.
diff --git a/_sources/examples.txt b/_sources/examples.txt
@@ -52,7 +52,64 @@ To set up a rule that matches packets marked with 0xff::
     >>> match = rule.create_match("mark")
     >>> match.mark = "0xff"
 
-Parameters are always strings.
+Parameters are always strings. You can supply any string as the parameter
+value, but note that most extensions validate their parameters. For example
+this::
+
+    >>> rule = iptc.Rule()
+    >>> rule.protocol = "tcp"
+    >>> rule.target = iptc.Target(rule, "ACCEPT")
+    >>> match = iptc.Match(rule, "state")
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> match.state = "RELATED,ESTABLISHED"
+    >>> rule.add_match(match)
+    >>> chain.insert_rule(rule)
+
+will work. However, if you change the `state` parameter::
+
+    >>> rule = iptc.Rule()
+    >>> rule.protocol = "tcp"
+    >>> rule.target = iptc.Target(rule, "ACCEPT")
+    >>> match = iptc.Match(rule, "state")
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> match.state = "RELATED,ESTABLISHED,FOOBAR"
+    >>> rule.add_match(match)
+    >>> chain.insert_rule(rule)
+
+``python-iptables`` will throw an exception::
+
+    Traceback (most recent call last):
+      File "state.py", line 7, in <module>
+        match.state = "RELATED,ESTABLISHED,FOOBAR"
+      File "/home/user/Projects/python-iptables/iptc/ip4tc.py", line 369, in __setattr__
+        self.parse(name.replace("_", "-"), value)
+      File "/home/user/Projects/python-iptables/iptc/ip4tc.py", line 286, in parse
+        self._parse(argv, inv, entry)
+      File "/home/user/Projects/python-iptables/iptc/ip4tc.py", line 516, in _parse
+        ct.cast(self._ptrptr, ct.POINTER(ct.c_void_p)))
+      File "/home/user/Projects/python-iptables/iptc/xtables.py", line 736, in new
+        ret = fn(*args)
+      File "/home/user/Projects/python-iptables/iptc/xtables.py", line 1031, in parse_match
+        argv[1]))
+    iptc.xtables.XTablesError: state: parameter error -2 (RELATED,ESTABLISHED,FOOBAR)
+
+In certain cases you might need to use quoting inside the parameter string, for
+example::
+
+    >>> rule = iptc.Rule()
+    >>> rule.src = "127.0.0.1"
+    >>> rule.protocol = "udp"
+    >>> rule.target = rule.create_target("ACCEPT")
+    >>> match = rule.create_match("comment")
+    >>> match.comment = "this is a test comment"
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> chain.insert_rule(rule)
+
+will only add the comment `this` instead of the expected `this is a test
+comment`. Use quoting inside the comment string itself::
+
+    >>> comment = "this is a test comment"
+    >>> match.comment = "\"%s\"" % (comment)
 
 When you are ready constructing your rule, add them to the chain you want it
 to show up in::
@@ -211,6 +268,31 @@ This is the ``python-iptables`` equivalent of the following iptables command::
 
     # iptables -A INPUT -p tcp –destination-port 22 -m iprange –src-range 192.168.1.100-192.168.1.200 –dst-range 172.22.33.106 -j DROP
 
+You can of course negate matches, just like when you use ``!`` in front of a
+match with iptables. For example::
+
+    >>> import iptc
+    >>> rule = iptc.Rule()
+    >>> match = iptc.Match(rule, "mac")
+    >>> match.mac_source = "!00:11:22:33:44:55"
+    >>> rule.add_match(match)
+    >>> rule.target = iptc.Target(rule, "ACCEPT")
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> chain.insert_rule(rule)
+
+This results in::
+
+    $ sudo iptables -L -n
+    Chain INPUT (policy ACCEPT)
+    target     prot opt source               destination
+    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MAC ! 00:11:22:33:44:55
+
+    Chain FORWARD (policy ACCEPT)
+    target     prot opt source               destination
+
+    Chain OUTPUT (policy ACCEPT)
+    target     prot opt source               destination
+
 Counters
 --------
 You can query rule and chain counters, e.g.::

diff --git a/_sources/intro.txt b/_sources/intro.txt
@@ -31,6 +31,10 @@ Linux iptables framework..
 
 .. |buildstatus| image:: https://travis-ci.org/ldx/python-iptables.png?branch=master
 
+|Bitdeli|
+
+.. |Bitdeli| image:: https://d2weczhvl823v0.cloudfront.net/ldx/python-iptables/trend.png
+
 Installing via pip
 ------------------
 

diff --git a/_static/basic.css b/_static/basic.css
@@ -4,7 +4,7 @@
  *
  * Sphinx stylesheet -- basic theme.
  *
- * :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2014 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
@@ -89,6 +89,7 @@ div.sphinxsidebar #searchbox input[type="submit"] {
 
 img {
     border: 0;
+    max-width: 100%;
 }
 
 /* -- search page ----------------------------------------------------------- */
@@ -401,10 +402,6 @@ dl.glossary dt {
     margin: 0;
 }
 
-.refcount {
-    color: #060;
-}
-
 .optional {
     font-size: 1.3em;
 }

diff --git a/_static/default.css b/_static/default.css
@@ -4,7 +4,7 @@
  *
  * Sphinx stylesheet -- default theme.
  *
- * :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2014 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */

diff --git a/_static/doctools.js b/_static/doctools.js
@@ -4,7 +4,7 @@
  *
  * Sphinx JavaScript utilities for all documentation.
  *
- * :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2014 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
@@ -168,6 +168,9 @@ var Documentation = {
     var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : [];
     if (terms.length) {
       var body = $('div.body');
+      if (!body.length) {
+        body = $('body');
+      }
       window.setTimeout(function() {
         $.each(terms, function() {
           body.highlightText(this.toLowerCase(), 'highlighted');

diff --git a/_static/searchtools.js b/_static/searchtools.js
@@ -4,7 +4,7 @@
  *
  * Sphinx JavaScript utilties for the full-text search.
  *
- * :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2014 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
@@ -330,13 +330,13 @@ var Search = {
           objectterms.push(tmp[i].toLowerCase());
       }
 
-      if ($u.indexOf(stopwords, tmp[i]) != -1 || tmp[i].match(/^\d+$/) ||
+      if ($u.indexOf(stopwords, tmp[i].toLowerCase()) != -1 || tmp[i].match(/^\d+$/) ||
           tmp[i] === "") {
         // skip this "word"
         continue;
       }
       // stem the word
-      var word = stemmer.stemWord(tmp[i]).toLowerCase();
+      var word = stemmer.stemWord(tmp[i].toLowerCase());
       var toAppend;
       // select the correct list
       if (word[0] == '-') {

diff --git a/_static/sidebar.js b/_static/sidebar.js
@@ -16,7 +16,7 @@
  * Once the browser is closed the cookie is deleted and the position
  * reset to the default (expanded).
  *
- * :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2014 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */

diff --git a/_static/websupport.js b/_static/websupport.js
@@ -4,7 +4,7 @@
  *
  * sphinx.websupport utilties for all documentation.
  *
- * :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2014 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */

diff --git a/clean.py b/clean.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+import iptc
+
+for name in iptc.Table.ALL:
+    table = iptc.Table(name)
+    table.autocommit = False
+    for chain in table.chains:
+        if chain.name.startswith('iptc_'):
+            print "Removing", chain.name
+            table.delete_chain(chain)
+    table.commit()
+    table.refresh()
+
+for name in iptc.Table6.ALL:
+    table = iptc.Table6(name)
+    table.autocommit = False
+    for chain in table.chains:
+        if chain.name.startswith('iptc_'):
+            print "Removing", chain.name
+            table.delete_chain(chain)
+    table.commit()
+    table.refresh()
diff --git a/comment.py b/comment.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+import gc
+import sys
+import iptc
+
+#rule = iptc.Rule()
+#rule.src = "127.0.0.1"
+#rule.protocol = "udp"
+#rule.target = rule.create_target("ACCEPT")
+#
+#match = rule.create_match("comment")
+#match.comment = "this is a test comment"
+
+chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+#chain.insert_rule(rule)
+
+while True:
+    for r in chain.rules:
+        c = r.matches[0].comment
+        print >> sys.stderr, "comment", c
+    #print >> sys.stderr, "garbage", gc.garbage
+    #print >> sys.stderr, "buffers", iptc.BUFFERS
+    #print >> sys.stderr, len(iptc.BUFFERS)
diff --git a/delete.py b/delete.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+
+import iptc
+import time
+
+table = iptc.Table('nat')
+chain = iptc.Chain(table, 'PREROUTING')
+for port in ['8080', '9090', '10101']:
+    rule = iptc.Rule()
+    rule.position = 1
+    rule.dst = "127.0.0.1"
+    rule.protocol = "udp"
+    rule.dport = port
+    target = rule.create_target("DNAT")
+    target.to_destination = '127.0.0.0:' + port
+    chain.insert_rule(rule)
+#table.commit()
+#table.refresh()
+
+time.sleep(3)
+
+table.autocommit = False
+print "deleting ", len(chain.rules), "rules from", table.name, "/", chain.name
+rules = chain.rules
+for rule in rules:
+    chain.delete_rule(rule)
+table.commit()
+table.refresh()
diff --git a/doc/conf.py b/doc/conf.py
@@ -46,9 +46,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '0.3.0'
+version = '0.4.0'
 # The full version, including alpha/beta/rc tags.
-release = '0.3.0'
+release = '0.4.0-dev'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

diff --git a/doc/examples.rst b/doc/examples.rst
@@ -52,7 +52,64 @@ To set up a rule that matches packets marked with 0xff::
     >>> match = rule.create_match("mark")
     >>> match.mark = "0xff"
 
-Parameters are always strings.
+Parameters are always strings. You can supply any string as the parameter
+value, but note that most extensions validate their parameters. For example
+this::
+
+    >>> rule = iptc.Rule()
+    >>> rule.protocol = "tcp"
+    >>> rule.target = iptc.Target(rule, "ACCEPT")
+    >>> match = iptc.Match(rule, "state")
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> match.state = "RELATED,ESTABLISHED"
+    >>> rule.add_match(match)
+    >>> chain.insert_rule(rule)
+
+will work. However, if you change the `state` parameter::
+
+    >>> rule = iptc.Rule()
+    >>> rule.protocol = "tcp"
+    >>> rule.target = iptc.Target(rule, "ACCEPT")
+    >>> match = iptc.Match(rule, "state")
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> match.state = "RELATED,ESTABLISHED,FOOBAR"
+    >>> rule.add_match(match)
+    >>> chain.insert_rule(rule)
+
+``python-iptables`` will throw an exception::
+
+    Traceback (most recent call last):
+      File "state.py", line 7, in <module>
+        match.state = "RELATED,ESTABLISHED,FOOBAR"
+      File "/home/user/Projects/python-iptables/iptc/ip4tc.py", line 369, in __setattr__
+        self.parse(name.replace("_", "-"), value)
+      File "/home/user/Projects/python-iptables/iptc/ip4tc.py", line 286, in parse
+        self._parse(argv, inv, entry)
+      File "/home/user/Projects/python-iptables/iptc/ip4tc.py", line 516, in _parse
+        ct.cast(self._ptrptr, ct.POINTER(ct.c_void_p)))
+      File "/home/user/Projects/python-iptables/iptc/xtables.py", line 736, in new
+        ret = fn(*args)
+      File "/home/user/Projects/python-iptables/iptc/xtables.py", line 1031, in parse_match
+        argv[1]))
+    iptc.xtables.XTablesError: state: parameter error -2 (RELATED,ESTABLISHED,FOOBAR)
+
+In certain cases you might need to use quoting inside the parameter string, for
+example::
+
+    >>> rule = iptc.Rule()
+    >>> rule.src = "127.0.0.1"
+    >>> rule.protocol = "udp"
+    >>> rule.target = rule.create_target("ACCEPT")
+    >>> match = rule.create_match("comment")
+    >>> match.comment = "this is a test comment"
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> chain.insert_rule(rule)
+
+will only add the comment `this` instead of the expected `this is a test
+comment`. Use quoting inside the comment string itself::
+
+    >>> comment = "this is a test comment"
+    >>> match.comment = "\"%s\"" % (comment)
 
 When you are ready constructing your rule, add them to the chain you want it
 to show up in::
@@ -211,6 +268,31 @@ This is the ``python-iptables`` equivalent of the following iptables command::
 
     # iptables -A INPUT -p tcp –destination-port 22 -m iprange –src-range 192.168.1.100-192.168.1.200 –dst-range 172.22.33.106 -j DROP
 
+You can of course negate matches, just like when you use ``!`` in front of a
+match with iptables. For example::
+
+    >>> import iptc
+    >>> rule = iptc.Rule()
+    >>> match = iptc.Match(rule, "mac")
+    >>> match.mac_source = "!00:11:22:33:44:55"
+    >>> rule.add_match(match)
+    >>> rule.target = iptc.Target(rule, "ACCEPT")
+    >>> chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
+    >>> chain.insert_rule(rule)
+
+This results in::
+
+    $ sudo iptables -L -n
+    Chain INPUT (policy ACCEPT)
+    target     prot opt source               destination
+    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MAC ! 00:11:22:33:44:55
+
+    Chain FORWARD (policy ACCEPT)
+    target     prot opt source               destination
+
+    Chain OUTPUT (policy ACCEPT)
+    target     prot opt source               destination
+
 Counters
 --------
 You can query rule and chain counters, e.g.::