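I'm just learning Python and wrote some code to set up iptables using the python-iptables library. The problem I'm running into is that I have to rewrite a lot of the same lines of code over and over. I understand functions but not OOP. I think there is a better, OOP way to write this code, but I can't get my head around it. Any pointers would be appreciated. The code is below.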

    import iptc

    def dropAllInbound():
        # Drop everything arriving on any eth* interface
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
        rule = iptc.Rule()
        rule.in_interface = 'eth+'
        rule.target = iptc.Target(rule, 'DROP')
        chain.insert_rule(rule)

    def allowLoopback():
        # Accept traffic on the loopback interface
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
        rule = iptc.Rule()
        rule.in_interface = 'lo'
        rule.target = iptc.Target(rule, 'ACCEPT')
        chain.insert_rule(rule)

    def allowEstablishedInbound():
        # Accept packets that belong to related or established connections
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
        rule = iptc.Rule()
        match = rule.create_match('state')
        match.state = 'RELATED,ESTABLISHED'
        rule.target = iptc.Target(rule, 'ACCEPT')
        chain.insert_rule(rule)

    def allowHTTP():
        # Match TCP port 80 on any eth* interface
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
        rule = iptc.Rule()
        rule.in_interface = 'eth+'
        rule.protocol = 'tcp'
        match = rule.create_match('tcp')
        match.dport = '80'
        rule.target = …

I'm trying to write a script using python-iptables to set up certain rules. I figured out how to set rules to allow all and deny all, but I need to figure out how to write a rule that allows established connections.
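For example, I need to write the following rules using python-iptables:

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

If anyone has first-hand knowledge or knows of a good resource for writing the above or similar rules, I would be very grateful. Thanks in advance!

Here is the finished product. I plan to add more rule options so the user can allow connections such as http/s when needed. Thanks for all the help.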

    import iptc

    def dropAll():
        # Drop everything arriving on any eth* interface
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
        rule = iptc.Rule()
        rule.in_interface = "eth+"
        target = iptc.Target(rule, "DROP")
        rule.target = target
        chain.insert_rule(rule)

    def allowLoopback():
        # Accept traffic on the loopback interface
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
        rule = iptc.Rule()
        rule.in_interface = "lo"
        target = iptc.Target(rule, "ACCEPT")
        rule.target = target
        chain.insert_rule(rule)

    def allowEstablished():
        # Match packets that belong to related or established connections
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
        rule = iptc.Rule()
        match = rule.create_match('state')
        match.state = "RELATED,ESTABLISHED"
        rule.target …
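
One way to remove the repetition in the first post and express the state rules asked for in the second, as an added example that is not part of either original post: each rule becomes a data record and one function builds it with the same python-iptables calls used above. `RuleSpec`, `RULES`, `to_cli` and `apply_rules` are hypothetical names, and the ACCEPT target on the port 80 rule is an assumption because the posted code is cut off at that point.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class RuleSpec:
    """One filter-table rule as data (hypothetical helper, not part of iptc)."""
    chain: str
    target: str
    in_interface: Optional[str] = None
    protocol: Optional[str] = None
    match: Optional[Tuple[str, str, str]] = None  # (module, option, value)

# Listed in evaluation order: the ACCEPT rules first, the catch-all DROP last.
RULES = [
    RuleSpec("INPUT", "ACCEPT", in_interface="lo"),
    RuleSpec("INPUT", "ACCEPT", match=("state", "state", "RELATED,ESTABLISHED")),
    RuleSpec("OUTPUT", "ACCEPT", match=("state", "state", "NEW,RELATED,ESTABLISHED")),
    # Target assumed to be ACCEPT; the original snippet is truncated here.
    RuleSpec("INPUT", "ACCEPT", "eth+", "tcp", ("tcp", "dport", "80")),
    RuleSpec("INPUT", "DROP", in_interface="eth+"),
]

def to_cli(spec):
    """Render the equivalent iptables command so a rule can be reviewed first."""
    args = ["iptables", "-A", spec.chain]
    if spec.in_interface:
        args += ["-i", spec.in_interface]
    if spec.protocol:
        args += ["-p", spec.protocol]
    if spec.match:
        module, option, value = spec.match
        args += ["-m", module, "--" + option, value]
    return " ".join(args + ["-j", spec.target])

def apply_rules(specs):
    """Build each spec with python-iptables and append it (needs root)."""
    import iptc  # imported lazily so the specs can be inspected without it
    table = iptc.Table(iptc.Table.FILTER)
    for spec in specs:
        rule = iptc.Rule()
        if spec.in_interface:
            rule.in_interface = spec.in_interface
        if spec.protocol:
            rule.protocol = spec.protocol
        if spec.match:
            module, option, value = spec.match
            setattr(rule.create_match(module), option, value)
        rule.target = iptc.Target(rule, spec.target)
        # append_rule keeps list order; insert_rule would put each new rule first.
        iptc.Chain(table, spec.chain).append_rule(rule)
```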