我想在Python中编写一个iptables脚本。而不是调用iptables本身我想使用python-iptables包。但是我很难获得一些基本的规则设置。我想使用过滤器链接受端口1234上的传入TCP流量。所以我写了这个:
import iptc
chain = iptc.Chain(iptc.TABLE_FILTER,"INPUT")
rule = iptc.Rule()
target = iptc.Target(rule,"ACCEPT")
match = iptc.Match(rule,'tcp')
match.dport='1234'
rule.add_match(match)
rule.target = target
chain.insert_rule(rule)
然而,当我跑这个时,我会把它扔回来:
Traceback (most recent call last):
File "testing.py", line 9, in <module>
chain.insert_rule(rule)
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1133, in insert_rule
self.table.insert_entry(self.name, rbuf, position)
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1166, in new
obj.refresh()
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1230, in refresh
self._free()
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1224, in _free
self.commit()
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1219, in commit
raise IPTCError("can't commit: %s" % (self.strerror()))
iptc.IPTCError: can't commit: Invalid argument
Exception AttributeError: "'NoneType' object has no attribute 'get_errno'" in <bound method Table.__del__ of <iptc.Table object at 0x7fcad56cc550>> ignored
有没有人有python-iptables的经验可以启发我做错了什么?
答案 0 :(得分:2)
哦,刚刚注意到这个。你可以给github一个镜头的最新头?我修复了大量的bug并更新了python-iptables以使用最新的iptables版本。如果您仍然遇到问题,请在github上打开一张票。
确定不太正确的一件事是你没有在规则中设置协议:
import iptc
chain = iptc.Chain(iptc.TABLE_FILTER,"INPUT")
rule = iptc.Rule()
设置协议,例如这里:
rule.protocol = 'tcp'
然后你应该没事:
target = iptc.Target(rule,"ACCEPT")
match = iptc.Match(rule,'tcp')
match.dport='1234'
rule.add_match(match)
rule.target = target
chain.insert_rule(rule)