How to write specific iptables rules using python-iptables

HAOCWH posted on 2023-02-08 16:03

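I am trying to write a script using python-iptables to set up certain rules. I figured out how to set rules to allow all and deny all, but I need to figure out how to write a rule that allows established connections.

For example, I need to write the following rules using python-iptables: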

iptables -A INPUT  -m state --state     RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

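If anyone has first-hand knowledge or knows of a good resource for writing the above or similar rules, I would be very grateful. Thanks in advance!

Here is the finished product. I plan to add more rule options so that users can allow connections such as http/s when needed. Thanks for all the help.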

import iptc

def dropAll():
    # Drop everything arriving on any eth* interface.
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
    rule = iptc.Rule()
    rule.in_interface = "eth+"
    target = iptc.Target(rule, "DROP")
    rule.target = target
    chain.insert_rule(rule)

def allowLoopback():
    # Accept all traffic on the loopback interface.
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
    rule = iptc.Rule()
    rule.in_interface = "lo"
    target = iptc.Target(rule, "ACCEPT")
    rule.target = target
    chain.insert_rule(rule)

def allowEstablished():
    # Equivalent of: -m state --state RELATED,ESTABLISHED -j ACCEPT
    chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'INPUT')
    rule = iptc.Rule()
    match = rule.create_match('state')
    match.state = "RELATED,ESTABLISHED"
    rule.target = iptc.Target(rule, 'ACCEPT')
    chain.insert_rule(rule)

# insert_rule() places each rule at the top of the chain, so the final order
# in INPUT is: ESTABLISHED accept, loopback accept, then the eth+ drop.
dropAll()
allowLoopback()
allowEstablished()

小智.. 5

Try this

import subprocess

# Append a rule accepting inbound TCP traffic to port 22 by calling the iptables binary.
p = subprocess.Popen(["iptables", "-A", "INPUT", "-p", "tcp", "-m", "tcp", "--dport", "22", "-j", "ACCEPT"], stdout=subprocess.PIPE)
output, err = p.communicate()
print(output)


SingleNegati.. 5

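I haven't tried using python-iptables, but it looks like you need something like this:

import iptc

rule = iptc.Rule()
match = rule.create_match('state')
match.state = 'RELATED,ESTABLISHED'
# The target is set on the rule, and Target() takes the rule as its first argument.
rule.target = iptc.Target(rule, 'ACCEPT')

chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), "INPUT")
chain.insert_rule(rule)

And so on.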
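Both rules from the question, appended as `-A` does and skipped when already present so that re-running the script does not stack duplicates. This is an added example, not code from the original posts or from the python-iptables project. The names `QUESTION_RULES`, `build_state_rule` and `ensure_state_rules` are hypothetical, and it assumes python-iptables' rule equality matches a rule read back from the kernel.

```python
# Added example (not from the original thread). The iptc module is passed in
# as a parameter so the logic can be exercised without root privileges.

# The two rules from the question, as (chain, states) pairs for
# "iptables -A <chain> -m state --state <states> -j ACCEPT".
QUESTION_RULES = (
    ("INPUT", "RELATED,ESTABLISHED"),
    ("OUTPUT", "NEW,RELATED,ESTABLISHED"),
)


def build_state_rule(iptc, states):
    """Build '-m state --state <states> -j ACCEPT' as an iptc.Rule."""
    rule = iptc.Rule()
    match = rule.create_match("state")
    match.state = states
    rule.target = iptc.Target(rule, "ACCEPT")
    return rule


def ensure_state_rules(iptc, rules=QUESTION_RULES):
    """Append each rule unless an equal one exists; return the chains changed."""
    table = iptc.Table(iptc.Table.FILTER)
    table.autocommit = False  # batch the changes into a single commit
    changed = []
    try:
        for chain_name, states in rules:
            chain = iptc.Chain(table, chain_name)
            rule = build_state_rule(iptc, states)
            # Assumption: Rule.__eq__ compares equal to the same rule
            # when it is read back from the kernel.
            if not any(rule == existing for existing in chain.rules):
                chain.append_rule(rule)  # append, like "iptables -A"
                changed.append(chain_name)
        table.commit()
    finally:
        table.autocommit = True
    return changed


if __name__ == "__main__":
    import iptc  # python-iptables; requires root to modify the ruleset
    print(ensure_state_rules(iptc))
```

Unlike `insert_rule()`, which the script in the question uses, `append_rule()` places the rule at the end of the chain, so the accept rule must still be evaluated before any drop rule that would match the same traffic.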
