Merge pull request #273 from ldx/issue265

Add support for undefined targets (iptc.easy) - issue265

Author: jllorente

README.md

@@ -141,7 +141,7 @@ High level abstractions
 ``python-iptables`` implements a low-level interface that tries to closely
 match the underlying C libraries. The module ``iptc.easy`` improves the
 usability of the library by providing a rich set of high-level functions
-designed to simplify the interaction with the library, for example::
+designed to simplify the interaction with the library, for example:
 
     >>> import iptc
     >>> iptc.easy.dump_table('nat', ipv6=False)
@@ -160,6 +160,11 @@ designed to simplify the interaction with the library, for example::
     [{'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}]
     >>> iptc.easy.delete_chain('filter', 'TestChain', flush=True)
 
+    >>> # Example of goto rule // iptables -A FORWARD -p gre -g TestChainGoto
+    >>> iptc.easy.add_chain('filter', 'TestChainGoto')
+    >>> rule_goto_d = {'protocol': 'gre', 'target': {'goto': 'TestChainGoto'}}
+    >>> iptc.easy.insert_rule('filter', 'FORWARD', rule_goto_d)
+
 Rules
 -----
 

doc/examples.rst

@@ -7,7 +7,7 @@ High level abstractions
 ``python-iptables`` implements a low-level interface that tries to closely
 match the underlying C libraries. The module ``iptc.easy`` improves the
 usability of the library by providing a rich set of high-level functions
-designed to simplify the interaction with the library, for example::
+designed to simplify the interaction with the library, for example:
 
     >>> import iptc
     >>> iptc.easy.dump_table('nat', ipv6=False)
@@ -26,6 +26,11 @@ designed to simplify the interaction with the library, for example::
     [{'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}]
     >>> iptc.easy.delete_chain('filter', 'TestChain', flush=True)
 
+    >>> # Example of goto rule // iptables -A FORWARD -p gre -g TestChainGoto
+    >>> iptc.easy.add_chain('filter', 'TestChainGoto')
+    >>> rule_goto_d = {'protocol': 'gre', 'target': {'goto': 'TestChainGoto'}}
+    >>> iptc.easy.insert_rule('filter', 'FORWARD', rule_goto_d)
+
 Rules
 -----
 

iptc/easy.py

@@ -295,6 +295,8 @@ def encode_iptc_rule(rule_d, ipv6=False):
     # Basic rule attributes
     rule_attr = ('src', 'dst', 'protocol', 'in-interface', 'out-interface', 'fragment')
     iptc_rule = Rule6() if ipv6 else Rule()
+    # Set default target
+    rule_d.setdefault('target', '')
     # Avoid issues with matches that require basic parameters to be configured first
     for name in rule_attr:
         if name in rule_d:
@@ -347,7 +349,10 @@ def decode_iptc_rule(iptc_rule, ipv6=False):
         name = iptc_rule.target.name.replace('-', '_')
         d['target'] = {name:iptc_rule.target.get_all_parameters()}
     elif iptc_rule.target and iptc_rule.target.name:
-        d['target'] = iptc_rule.target.name
+        if iptc_rule.target.goto:
+            d['target'] = {'goto':iptc_rule.target.name}
+        else:
+            d['target'] = iptc_rule.target.name
     # Return a filtered dictionary
     return _filter_empty_field(d)
 
@@ -412,10 +417,12 @@ def _iptc_setmatch(iptc_rule, name, value):
 def _iptc_settarget(iptc_rule, value):
     # Target is dictionary - Use only 1 pair key/value
     if isinstance(value, dict):
-        for k, v in value.items():
-            iptc_target = iptc_rule.create_target(k)
-            _iptc_setattr_d(iptc_target, v)
-            return
+        t_name, t_value = next(iter(value.items()))
+        if t_name == 'goto':
+            iptc_target = iptc_rule.create_target(t_value, goto=True)
+        else:
+            iptc_target = iptc_rule.create_target(t_name)
+            _iptc_setattr_d(iptc_target, t_value)
     # Simple target
     else:
         iptc_target = iptc_rule.create_target(value)