Commit f8a6641

Merge pull request #269 from jllorente/iptc_easy
Improve usability via iptc.easy
2 parents 4a7a471 + b898fa4 commit f8a6641

6 files changed

+536
-129
lines changed

README.md

Lines changed: 40 additions & 0 deletions
@@ -135,6 +135,31 @@ Full documentation with API reference is available
135135
Examples
136136
========
137137

138+
High level abstractions
139+
-----------------------
140+
141+
``python-iptables`` implements a low-level interface that tries to closely
142+
match the underlying C libraries. The module ``iptc.easy`` improves the
143+
usability of the library by providing a rich set of high-level functions
144+
designed to simplify the interaction with the library, for example::
145+
146+
>>> import iptc
147+
>>> iptc.easy.dump_table('nat', ipv6=False)
148+
{'INPUT': [], 'OUTPUT': [], 'POSTROUTING': [], 'PREROUTING': []}
149+
>>> iptc.easy.dump_chain('filter', 'OUTPUT', ipv6=False)
150+
[{'comment': {'comment': 'DNS traffic to Google'},
151+
'dst': '8.8.8.8/32',
152+
'protocol': 'udp',
153+
'target': 'ACCEPT',
154+
'udp': {'dport': '53'}}]
155+
>>> iptc.easy.add_chain('filter', 'TestChain')
156+
True
157+
>>> rule_d = {'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}
158+
>>> iptc.easy.insert_rule('filter', 'TestChain', rule_d)
159+
>>> iptc.easy.dump_chain('filter', 'TestChain')
160+
[{'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}]
161+
>>> iptc.easy.delete_chain('filter', 'TestChain', flush=True)
162+
138163
Rules
139164
-----
140165

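Review bot: In the added example (new lines 146-161), `add_chain` is shown returning `True` while `insert_rule` and `delete_chain` show no output, and only the two dump calls pass `ipv6=False`. State in the paragraph above what each helper returns or raises on failure and what `ipv6` defaults to, so a reader does not take a silent call for success or assume the later calls act on the same address family as the dumps.
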
@@ -546,6 +571,21 @@ or more rules, than commit it:
546571
The drawback is that Table is a singleton, and if you disable
547572
autocommit, it will be disabled for all instances of that Table.
548573

574+
Easy rules with dictionaries
575+
----------------------------
576+
To simplify operations with ``python-iptables`` rules we have included support to define and convert Rules object into python dictionaries.
577+
578+
>>> import iptc
579+
>>> table = iptc.Table(iptc.Table.FILTER)
580+
>>> chain = iptc.Chain(table, "INPUT")
581+
>>> # Create an iptc.Rule object from dictionary
582+
>>> rule_d = {'comment': {'comment': 'Match tcp.22'}, 'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}
583+
>>> rule = iptc.easy.encode_iptc_rule(rule_d)
584+
>>> # Obtain a dictionary representation from the iptc.Rule
585+
>>> iptc.easy.decode_iptc_rule(rule)
586+
{'tcp': {'dport': '22'}, 'protocol': 'tcp', 'comment': {'comment': 'Match tcp.22'}, 'target': 'ACCEPT'}
587+
588+
549589
Known Issues
550590
============
551591

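Review bot: The expected output at new line 586 lists the keys as `tcp`, `protocol`, `comment`, `target`, which is not the order `rule_d` is written in at line 582, so the example only holds under one dict ordering; show a comparison such as `iptc.easy.decode_iptc_rule(rule) == rule_d` instead. The `table` and `chain` objects created at lines 579-580 are never used by the encode/decode calls and can be dropped, and the sentence at line 576 should read "Rule objects" and be wrapped like the paragraph added earlier in this file.
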
doc/examples.rst

Lines changed: 27 additions & 2 deletions
@@ -1,6 +1,31 @@
11
Examples
22
========
33

4+
High level abstractions
5+
-----------------------
6+
7+
``python-iptables`` implements a low-level interface that tries to closely
8+
match the underlying C libraries. The module ``iptc.easy`` improves the
9+
usability of the library by providing a rich set of high-level functions
10+
designed to simplify the interaction with the library, for example::
11+
12+
>>> import iptc
13+
>>> iptc.easy.dump_table('nat', ipv6=False)
14+
{'INPUT': [], 'OUTPUT': [], 'POSTROUTING': [], 'PREROUTING': []}
15+
>>> iptc.easy.dump_chain('filter', 'OUTPUT', ipv6=False)
16+
[{'comment': {'comment': 'DNS traffic to Google'},
17+
'dst': '8.8.8.8/32',
18+
'protocol': 'udp',
19+
'target': 'ACCEPT',
20+
'udp': {'dport': '53'}}]
21+
>>> iptc.easy.add_chain('filter', 'TestChain')
22+
True
23+
>>> rule_d = {'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}
24+
>>> iptc.easy.insert_rule('filter', 'TestChain', rule_d)
25+
>>> iptc.easy.dump_chain('filter', 'TestChain')
26+
[{'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}]
27+
>>> iptc.easy.delete_chain('filter', 'TestChain', flush=True)
28+
429
Rules
530
-----
631

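Review bot: New lines 4-28 are a verbatim copy of the section this commit adds to README.md, so every later correction has to be made twice. The following hunk in this file updates an "Easy rules" example that README.md did not contain until this commit, which shows the two copies had already drifted; consider keeping one copy and including it from the other, or add a comment in each naming its twin.
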
@@ -419,9 +444,9 @@ To simplify operations with ``python-iptables`` rules we have included support t
419444
>>> chain = iptc.Chain(table, "INPUT")
420445
>>> # Create an iptc.Rule object from dictionary
421446
>>> rule_d = {'comment': {'comment': 'Match tcp.22'}, 'protocol': 'tcp', 'target': 'ACCEPT', 'tcp': {'dport': '22'}}
422-
>>> rule = iptc.Rule.from_dict(rule_d)
447+
>>> rule = iptc.easy.encode_iptc_rule(rule_d)
423448
>>> # Obtain a dictionary representation from the iptc.Rule
424-
>>> rule.to_dict()
449+
>>> iptc.easy.decode_iptc_rule(rule)
425450
{'tcp': {'dport': '22'}, 'protocol': 'tcp', 'comment': {'comment': 'Match tcp.22'}, 'target': 'ACCEPT'}
426451

427452

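Review bot: Lines 422 and 424 drop `iptc.Rule.from_dict(rule_d)` and `rule.to_dict()` from the documentation without saying whether those methods still exist. If they were removed, callers written against the earlier docs break and the change deserves a note here or in a changelog; if they remain, say that `iptc.easy.encode_iptc_rule` and `iptc.easy.decode_iptc_rule` are now the preferred spelling.
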
iptc/__init__.py

Lines changed: 1 addition & 0 deletions
@@ -10,6 +10,7 @@
1010
from iptc.ip4tc import (is_table_available, Table, Chain, Rule, Match, Target, Policy, IPTCError)
1111
from iptc.ip6tc import is_table6_available, Table6, Rule6
1212
from iptc.errors import *
13+
import iptc.easy
1314

1415

1516
__all__ = []
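
Review bot: `import iptc.easy` at line 13 is written in a different form from the `from iptc.<module> import` lines above it and carries no comment on why it is here. Add a one-line comment that it exists so `iptc.easy` is reachable after a plain `import iptc`, as the README examples assume, and note that with `__all__ = []` at line 16 it is exposed only as an attribute and not through `from iptc import *`.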
