About a python module (iptables)
Douglas Soares de Andrade
dsa at unilestemg.br
Wed Nov 10 10:48:31 EST 2004
Hi !
Thank you for the amazing answer. I will check your program now.
Really thanks.
See you !
On Wed 10 Nov 2004 16:00, you wrote:
> >>>>> "Douglas" == Douglas Soares de Andrade <dsa at unilestemg.br> writes:
>
> Douglas> Hi ! Is there a module to do the interaction between
> Douglas> python and iptables ? I want to make a app to interect
> Douglas> with iptables (new chain, erase chain, list chain,
> Douglas> generate rules and so on).
>
> I've written one that I've used privately for years on standalone
> machines as well as routers using NAT/etc. It doesn't support all of
> iptables, but it does the common stuff. In debug mode, it only prints
> out the rules to the logfile, but doesn't execute them.
>
> Whether it is sophisticated enough for your app, I don't know. It was
> designed simply to setup the iptables config and then run, so there is
> no support for erasing chains, etc....
>
> I've uploaded a tarfile to
> http://jdh.uchicago.edu/share/py_iptables.tar.gz which contains the
> module code and some example scripts.
>
> Here is a simple script to configure the firewall for a typical
> standalone machine.
>
> #!/usr/bin/env python
> from IptablesRules import IptablesRules
>
> # debug=False executes the commands - you must be superuser
> ipt = IptablesRules(debug=True, verbose='moderate')
>
> nameservers = ipt.get_nameservers()
>
> # udpAccept and tcpAccept are dictionaries from ports to
> # machines which have access to those ports
> udpAccept = {"domain" : nameservers,}
>
> # we've parsed /etc/services so you can specify ports by name or
> # number.
> tcpAccept = {
> ('smtp', 'ntp', 'ssh', 'ftp', 'http', 'https') : 'all',
> ('postgres', ) : "128.135.0.0/16", # limit to U of C
> ('all', ) : "128.135.90.217/32", # my printer
> }
>
> ipt.broadcast_policy(eth_iface="eth0", chain='DROP')
> ipt.drop_nolog_ports(ports = ('auth', 'netbios-ns', 'microsoft-ds'),
>                      eth_iface="eth0")
> ipt.implement_rules( udp_accept = udpAccept,
>                      icmp_accept = ( 0, 3, 5, 8, 11 ),
>                      tcp_accept = tcpAccept,
>                      eth_iface = "eth0"
>                      )
> ipt.execute( logfile = '/var/tmp/iptables_rules' )
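The quoted message describes the shape of such a module: port-to-source dictionaries, service names resolved from /etc/services, and a debug mode that only writes the generated rules to a log instead of executing them. The following is an added example of that design, written for this thread; it is not the py_iptables module from the tarball, and every name in it (`DryRunFirewall`, `build_accept_rules`, `resolve_port`, the `SERVICES` table, the sample addresses) is hypothetical or constructed. It adds two checks the quoted script does not show: source addresses are validated as CIDR networks before a rule is emitted, and unknown service names fail early rather than producing a broken iptables command.

```python
"""Dry-run iptables rule builder (added example, not the py_iptables code).

Mirrors the quoted module's idea: collect rules from port->source mappings,
resolve service names, and in debug mode return/log the commands without
executing them. All names here are hypothetical.
"""
import shlex
import subprocess
from ipaddress import ip_network

# Constructed subset of /etc/services; a real tool would parse that file.
SERVICES = {
    "ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "http": 80,
    "ntp": 123, "https": 443, "postgres": 5432,
}


def resolve_port(port):
    """Accept a port number, a numeric string or a service name."""
    if isinstance(port, int):
        return port
    if port.isdigit():
        return int(port)
    if port in SERVICES:
        return SERVICES[port]
    raise ValueError(f"unknown service name: {port!r}")


def build_accept_rules(accept, proto, iface):
    """Turn {(port, ...): sources} into iptables argument vectors.

    'all' as a port means every port; 'all' as a source means any host.
    Sources are validated as CIDR networks, so a typo such as host bits
    set in a /16 fails here instead of being pushed to the firewall.
    """
    rules = []
    for ports, sources in accept.items():
        if isinstance(ports, str):
            ports = (ports,)
        if isinstance(sources, str):
            sources = (sources,)
        for src in sources:
            for port in ports:
                cmd = ["iptables", "-A", "INPUT", "-i", iface, "-p", proto]
                if src != "all":
                    cmd += ["-s", str(ip_network(src))]  # raises ValueError on bad CIDR
                if port != "all":
                    cmd += ["--dport", str(resolve_port(port))]
                cmd += ["-j", "ACCEPT"]
                rules.append(cmd)
    return rules


class DryRunFirewall:
    """Collects rules; runs them only when debug=False (requires root)."""

    def __init__(self, debug=True):
        self.debug = debug
        self.commands = []

    def default_deny(self, iface):
        # Drop by default, but keep replies to our own connections flowing.
        self.commands.append(["iptables", "-P", "INPUT", "DROP"])
        self.commands.append(["iptables", "-A", "INPUT", "-i", iface, "-m", "state",
                              "--state", "ESTABLISHED,RELATED", "-j", "ACCEPT"])

    def accept(self, tcp_accept=None, udp_accept=None, iface="eth0"):
        self.commands += build_accept_rules(tcp_accept or {}, "tcp", iface)
        self.commands += build_accept_rules(udp_accept or {}, "udp", iface)

    def execute(self, logfile=None):
        """Return the shell-quoted command lines, log them, run them unless debug."""
        lines = [shlex.join(c) for c in self.commands]
        if logfile:
            with open(logfile, "w") as fh:
                fh.write("\n".join(lines) + "\n")
        if not self.debug:
            for cmd in self.commands:
                subprocess.run(cmd, check=True)
        return lines


if __name__ == "__main__":
    fw = DryRunFirewall(debug=True)  # debug=True: print only, never touch the firewall
    fw.default_deny("eth0")
    fw.accept(
        tcp_accept={("ssh", "http", "https"): "all",
                    ("postgres",): "128.135.0.0/16"},  # constructed sample
        udp_accept={"domain": ("192.0.2.53/32",)},      # constructed nameserver
    )
    for line in fw.execute():
        print(line)
```

Run it as-is to see the rule set it would apply; flip `debug=False` (as root) to have `execute` actually run the commands. Validating the sources with `ipaddress.ip_network` is the piece worth keeping in any such tool: iptables itself accepts a mistyped mask and silently widens or narrows the allowed range.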