I'm trying to write a script with python-iptables to set up some rules. I've worked out how to set rules that allow everything and deny everything, but I need to figure out how to write a rule that allows established connections.
For example, I need to write the following rules using python-iptables:
```shell
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
```
If anyone has first-hand experience or knows a good resource for writing the above or similar rules, I'd be very grateful. Thanks in advance!
Here is the finished product. I plan to add more rule options so that users can allow connections such as http/s when needed. Thanks for all the help.
```python
import iptc


def dropAll():
    # Drop everything arriving on any external interface (eth0, eth1, ...)
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
    rule = iptc.Rule()
    rule.in_interface = "eth+"
    target = iptc.Target(rule, "DROP")
    rule.target = target
    chain.insert_rule(rule)


def allowLoopback():
    # Always accept traffic on the loopback interface
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
    rule = iptc.Rule()
    rule.in_interface = "lo"
    target = iptc.Target(rule, "ACCEPT")
    rule.target = target
    chain.insert_rule(rule)


def allowEstablished():
    # Accept replies to connections we already have (conntrack state match)
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
    rule = iptc.Rule()
    match = rule.create_match('state')
    match.state = "RELATED,ESTABLISHED"
    rule.target = iptc.Target(rule, 'ACCEPT')
    chain.insert_rule(rule)


# insert_rule() prepends, so the last call ends up first in the chain:
# ESTABLISHED/RELATED accept, then loopback accept, then the catch-all DROP.
dropAll()
allowLoopback()
allowEstablished()
```
小智.. 5
Try this
```python
import subprocess

# Equivalent to: iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
p = subprocess.Popen(["iptables", "-A", "INPUT", "-p", "tcp", "-m", "tcp",
                      "--dport", "22", "-j", "ACCEPT"],
                     stdout=subprocess.PIPE)
output, err = p.communicate()
print(output)
```
SingleNegati.. 5
I haven't tried python-iptables, but it looks like you need something like this:
```python
import iptc

rule = iptc.Rule()
match = rule.create_match('state')
match.state = 'RELATED,ESTABLISHED'
# The target belongs to the rule, and Target() takes the rule as its first argument
rule.target = iptc.Target(rule, 'ACCEPT')
chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
chain.insert_rule(rule)
```
And so on.
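Both answers and the asker's own script build the same kind of rule in two different ways: one hands an argument list to the iptables binary, the other uses python-iptables objects. The example below is added here and is not code from the question, either answer or the python-iptables project. It describes the two stateful rules from the question (and the asker's `eth+` default-deny) as plain data, validates the fields against a small allow-list, and then renders each rule either as an argv list for `subprocess` (no shell, so rule fields can never be shell-interpreted) or as an `iptc.Rule` (imported lazily, since that path needs root and libiptc). `RuleSpec`, `to_argv`, `to_iptc_rule`, `apply_with_subprocess` and `apply_with_iptc` are this example's own names.

```python
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional

# Allow-lists for the handful of values this script is willing to pass on.
VALID_STATES = {"NEW", "ESTABLISHED", "RELATED", "INVALID"}
VALID_TARGETS = {"ACCEPT", "DROP", "REJECT"}
VALID_CHAINS = {"INPUT", "OUTPUT", "FORWARD"}


@dataclass
class RuleSpec:
    """One filter-table rule as data, independent of how it is applied (hypothetical helper)."""
    chain: str
    target: str
    states: List[str] = field(default_factory=list)  # conntrack states for -m state
    in_interface: Optional[str] = None
    protocol: Optional[str] = None  # "tcp" or "udp"; required when dport is set
    dport: Optional[int] = None


def validate(spec: RuleSpec) -> None:
    """Reject anything outside the allow-lists before it reaches iptables."""
    if spec.chain not in VALID_CHAINS:
        raise ValueError(f"unsupported chain: {spec.chain!r}")
    if spec.target not in VALID_TARGETS:
        raise ValueError(f"unsupported target: {spec.target!r}")
    unknown = set(spec.states) - VALID_STATES
    if unknown:
        raise ValueError(f"unknown conntrack states: {sorted(unknown)}")
    if spec.dport is not None:
        if spec.protocol not in ("tcp", "udp"):
            raise ValueError("--dport requires protocol tcp or udp")
        if not 0 < spec.dport < 65536:
            raise ValueError(f"port out of range: {spec.dport}")


def to_argv(spec: RuleSpec, append: bool = True) -> List[str]:
    """Render the rule as an argv list for the iptables binary (no shell involved)."""
    validate(spec)
    argv = ["iptables", "-A" if append else "-I", spec.chain]
    if spec.in_interface:
        argv += ["-i", spec.in_interface]
    if spec.protocol:
        argv += ["-p", spec.protocol]
    if spec.dport is not None:
        argv += ["--dport", str(spec.dport)]
    if spec.states:
        argv += ["-m", "state", "--state", ",".join(spec.states)]
    argv += ["-j", spec.target]
    return argv


def to_iptc_rule(spec: RuleSpec):
    """Build the same rule as a python-iptables Rule object (needs root and libiptc)."""
    import iptc  # imported lazily so the rest of the module works without it
    validate(spec)
    rule = iptc.Rule()
    if spec.in_interface:
        rule.in_interface = spec.in_interface
    if spec.protocol:
        rule.protocol = spec.protocol
    if spec.dport is not None:
        port_match = rule.create_match(spec.protocol)  # the tcp/udp match carries dport
        port_match.dport = str(spec.dport)
    if spec.states:
        state_match = rule.create_match("state")
        state_match.state = ",".join(spec.states)
    rule.target = iptc.Target(rule, spec.target)
    return rule


def apply_with_subprocess(specs: List[RuleSpec]) -> None:
    for spec in specs:
        # argv list, never shell=True: rule fields cannot be interpreted by a shell
        subprocess.run(to_argv(spec), check=True)


def apply_with_iptc(specs: List[RuleSpec]) -> None:
    import iptc
    table = iptc.Table(iptc.Table.FILTER)
    for spec in specs:
        # append_rule keeps the listed order, unlike insert_rule which prepends
        iptc.Chain(table, spec.chain).append_rule(to_iptc_rule(spec))


# The two rules from the question, and the asker's catch-all DROP for eth+.
STATEFUL_RULES = [
    RuleSpec("INPUT", "ACCEPT", ["RELATED", "ESTABLISHED"]),
    RuleSpec("OUTPUT", "ACCEPT", ["NEW", "RELATED", "ESTABLISHED"]),
]
DEFAULT_DENY = RuleSpec("INPUT", "DROP", in_interface="eth+")

if __name__ == "__main__":
    # Dry run: print the commands instead of changing the live firewall.
    for spec in STATEFUL_RULES + [DEFAULT_DENY]:
        print(" ".join(to_argv(spec)))
```

Because the accept rules are appended in list order and the DROP comes last, the chain ends up with the same effective order as the asker's script, which achieves it by calling `insert_rule` in reverse. Running the module directly only prints the equivalent `iptables` commands; `apply_with_subprocess` or `apply_with_iptc` changes the live ruleset and needs root.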