{ "info": { "author": "Jamie Cockburn", "author_email": "jamie_cockburn@hotmail.co.uk", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", "Operating System :: POSIX :: Linux", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Topic :: System :: Networking :: Firewalls" ], "description": "================\npython-pyptables\n================\n\nPython package for generating Linux iptables configurations.\n\n**************\nAbout Iptables\n**************\n\nIptables is part of the Linux kernel, and is responsible for network packet filtering and manipulation. It is commonly used for building Linux-based firewalls. As packets traverse the Linux network stack, the kernel uses the rules defined in iptables decide what to do with the packet.\n\nUsing iptables involves configuring the rules that are contained in iptables. Each table is composed of chains of rules. Chains come in two flavours: built-in and user-defined. A built-in chain is an entry point into the iptables rule set that is consulted by the kernel when packet reaches at a certain point in the Linux networking stack. For example, the ``tables['filter']['OUTPUT']`` chain is consulted when a local process on the machine generates an outgoing packet.and each table/chain is consulted at different points in the network stack. User-defined chains are only consulted if called from one of the built-in chains (or from another user chain the is called from a built-in chain).\n\nChains are then made up of an ordered set of rules. A rule is composed of a set matching parameters (e.g. protocol, destination IP address/port, and many more), and an action (e.g. allow, drop, reject, log, modify the packet). When ever a packet matches a rule, the corresponding action is taken.\n\n***************\nAbout PyPTables\n***************\n\nPyPTables is a python package to allow the generation of a set of iptables rules from a python script.\n\nBasic usage\n===========\n\nThe following code will create a simple set of rules for a stateful firewall allowing only HTTP, HTTPS and DNS traffic to be routed though the box:\n\n ::\n\n from pyptables import default_tables, restore\n from pyptables.rules import Rule, Accept\n\n # get a default set of tables and chains\n tables = default_tables()\n\n # get the forward chain of the filter tables\n forward = tables['filter']['FORWARD']\n\n # any packet matching an established connection should be allowed\n forward.append(Accept(match='conntrack', ctstate='ESTABLISHED')\n\n # add rules to the forward chain for DNS, HTTP and HTTPS ports\n forward.append(Accept(proto='tcp', dport='53'))\n forward.append(Accept(proto='tcp', dport='80'))\n forward.append(Accept(proto='tcp', dport='443'))\n\n # any packet not matching a rules will be dropped\n forward.policy = Rule.DROP\n\nRules in this case are added to the iptables ``filter`` table (for packet filtering), in the ``FORWARD`` chain (for routed or bridged packets, going to and from external sources).\n\nYou can write the resulting rules into the kernel with the restore function:\n\n ::\n\n restore(tables)\n\nOr you can use the ``tables.to_iptables()`` function to generate the resulting iptables commands as a string.\n\nTables\n======\n\nThe top-level container in PyPTables is the ``Tables`` class, which represents a collection of iptables (i.e. filter, mangle, nat). For the most part, you will want to start with a call to ``default_tables()``, which will create a basic structure of tables and chains that represent the built-in tables and chains available in the Linux kernel.\n\n``Tables`` is a dictionary-like structure, and is indexable by table name using the ``[]`` operator:\n\n ::\n\n tables = default_tables()\n table = tables['filter']\n\nAn individual table is represented by the ``Table`` class, with contains a collection of chains (i.e. INPUT, OUTPUT, FORWARD). This is also a dictionary-like structure, and is indexable by chain name using the ``[]`` operator:\n\n ::\n\n chain = tables['filter']['INPUT']\n\nChains\n======\n\nChains hold an ordered list of rules. As mentioned earlier, chains come in two flavours: built-in and user. In PyPTables, these are represented by the ``BuiltinChain`` and ``UserChain`` classes respectively. The only difference between ``BuiltinChain`` and ``UserChain`` chain is that a ``BuiltinChain`` has as default policy, which is enacted when no rule in the chain has matched and dealt with the packet.\n\nThe ``Chain`` classes are list-like structures, and most standard python list operations can be used on them (i.e. ``append(rule)``, ``remove(rule)``, ``insert(rule, position)``) for example:\n\n :: \n\n tables['filter']['INPUT'].append(Rule(...))\n tables['filter']['INPUT'].insert(Rule(...), 0)\n\nFor illustration of how the ``Tables``, ``Table`` and ``BuiltinChain`` classes are used, here is the code that implements ``default_tables()``:\n\n ::\n\n def default_tables():\n \"\"\"Generate a set of iptables containing all the default tables and chains\"\"\"\n\n return Tables(Table('filter',\n BuiltinChain('INPUT', 'ACCEPT'),\n BuiltinChain('FORWARD', 'ACCEPT'),\n BuiltinChain('OUTPUT', 'ACCEPT'),\n ),\n Table('nat',\n BuiltinChain('PREROUTING', 'ACCEPT'),\n BuiltinChain('OUTPUT', 'ACCEPT'),\n BuiltinChain('POSTROUTING', 'ACCEPT'),\n ),\n Table('mangle',\n BuiltinChain('PREROUTING', 'ACCEPT'),\n BuiltinChain('INPUT', 'ACCEPT'),\n BuiltinChain('FORWARD', 'ACCEPT'),\n BuiltinChain('OUTPUT', 'ACCEPT'),\n BuiltinChain('POSTROUTING', 'ACCEPT'),\n ),\n )\n\nYou can of course choose not to use the ``default_tables()`` function, and create the basic tables structure yourself. This would be needed if for example you want to use ip6tables, or use non-standard tables.\n\nRules\n=====\n\nThe ``Rule`` class represents an actual iptables rule. Rules are created using a simple, pythonic syntax, and can then be added to a chain. For example, the following call will produce a rule which matches traffic destined for tcp port 22 (SSH) and rejects it:\n\n ::\n\n reject_ssh = Rule(proto='tcp', dport='22', jump='REJECT')\n\nWe can then add that to the INPUT chain of the filter tables, to prevent access to SSH port on the local machine.\n\n ::\n\n tables['filter']['INPUT'].append(reject_ssh)\n\nThis would result in the following iptables commands being produced:\n\n ::\n\n * filter\n ...\n -A INPUT -p tcp -j REJECT --dport 22\n ...\n\nThere are various types of rule already defined that provide defaults for various common parameters. For example, the common jump targets (ACCEPT, DROP, REJECT, etc) already have handy predefined rules with the ``jump`` parameter already set. Using these above could be written:\n\n ::\n\n from pyptables.rules import Reject\n reject_ssh = Reject(proto='tcp', dport='22')\n\nYou can define new types of rule yourself, for example, you could create an SSH type for matching SSH packets, and use it in various ways:\n\n ::\n\n SSH = Rule(proto='tcp', dport='22')\n tables['filter']['INPUT'].append(SSH(jump='ACCEPT', source='1.1.1.1', comment='Allow SSH from my workstation'))\n tables['filter']['INPUT'].append(SSH(jump='REJECT', comment='Prevent any other access to local SSH'))\n tables['filter']['FORWARD'].append(SSH(jump='REJECT', comment='Don't route any SSH traffic '))\n\nThis would result in the following iptables configuration being generated:\n\n ::\n\n ###############################################################################\n # filter table (/blocker/share/python/iptables/__init__.py:14 default_tables) #\n ###############################################################################\n *filter\n :INPUT ACCEPT [0:0]\n :FORWARD ACCEPT [0:0]\n :OUTPUT ACCEPT [0:0]\n\n # Builtin Chain \"INPUT\" (/blocker/share/python/iptables/__init__.py:12 default_tables)\"\n # Rule: Allow access to local SSH from my workstation (:1 )\n -A INPUT -p tcp -s 1.1.1.1 -j ACCEPT --dport 22 -m comment --comment \"Allow SSH from my workstation\"\n # Rule: Prevent any other access to local SSH (:1 )\n -A INPUT -p tcp -j REJECT --dport 22 -m comment --comment \"Prevent any other access to local SSH\"\n\n # Builtin Chain \"FORWARD\" (/blocker/share/python/iptables/__init__.py:13 default_tables)\"\n # Rule: Prevent any SSH traffic being routed through this box (:1 )\n -A FORWARD -p tcp -j REJECT --dport 22 -m comment --comment \"Don't route any SSH traffic\"\n\n # Builtin Chain \"OUTPUT\" (/blocker/share/python/iptables/__init__.py:14 default_tables)\"\n # No rules\n\nHigher-Level Rules\n==================\n\nTODO\n\n***********\nIssues/Bugs\n***********\n\nAny issues or bug reports, please contact `jamie_cockburn@hotmail.co.uk `_\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/daggaz/python-pyptables", "keywords": "iptables,firewall", "license": "LICENSE.txt", "maintainer": "", "maintainer_email": "", "name": "PyPTables", "package_url": "https://pypi.org/project/PyPTables/", "platform": "", "project_url": "https://pypi.org/project/PyPTables/", "project_urls": { "Homepage": "https://github.com/daggaz/python-pyptables" }, "release_url": "https://pypi.org/project/PyPTables/1.0.6/", "requires_dist": [ "six", "nose", "coverage" ], "requires_python": "", "summary": "Python package for generating Linux iptables configurations.", "version": "1.0.6" }, "last_serial": 4517835, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "70a09edea92c6d8cb81eb136600185e2", "sha256": "1b2adee9b3d5da859d54ee5d6a309c29cdb484778e50201c91e2a8c2b97f040e" }, "downloads": -1, "filename": "PyPTables-1.0.tar.gz", "has_sig": false, "md5_digest": "70a09edea92c6d8cb81eb136600185e2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13174, "upload_time": "2015-04-02T15:37:28", "url": "https://files.pythonhosted.org/packages/d2/31/54f258fc6cd2c854a23b5c618ffd3b5d4743be1bdacb43ec3ffc0efc62d7/PyPTables-1.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "c3d2d659d418235df5db1bf2a3b1c312", "sha256": "b1e2b6d0248a6ca84795ccb441d78fa102321332da206a4e1dcb71020cc8606c" }, "downloads": -1, "filename": "PyPTables-1.0.1.tar.gz", "has_sig": false, "md5_digest": "c3d2d659d418235df5db1bf2a3b1c312", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22108, "upload_time": "2015-04-02T15:47:00", "url": "https://files.pythonhosted.org/packages/10/0a/f0143c8e2adbc166c3c3f5b4138de3593ccbb791e2dd8fa1b873d090ff76/PyPTables-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "aaaab14352e576f143a46f0d7fc0fc7c", "sha256": "f800843711465b4670adeb31383bef57a9dc75ba5334931268f08b6d640739e9" }, "downloads": -1, "filename": "PyPTables-1.0.2.tar.gz", "has_sig": false, "md5_digest": "aaaab14352e576f143a46f0d7fc0fc7c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22111, "upload_time": "2015-04-02T15:55:21", "url": "https://files.pythonhosted.org/packages/8d/fc/5c6708b3bb510af578f46daf962fe60f482999a63dbab87b9548a53e43d1/PyPTables-1.0.2.tar.gz" } ], "1.0.3": [ { "comment_text": "", "digests": { "md5": "bc50f7c66b16c7bb9d61e033261ab86e", "sha256": "0bde951b54bc6bb16743e16d947f8f4df8504909b3352bd67a807b329c8db099" }, "downloads": -1, "filename": "PyPTables-1.0.3.tar.gz", "has_sig": false, "md5_digest": "bc50f7c66b16c7bb9d61e033261ab86e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22434, "upload_time": "2016-06-03T10:47:02", "url": "https://files.pythonhosted.org/packages/14/0a/ad196f51c2f2983605730a9ee5697f1346a958e417f0308aaaf9cb41e66b/PyPTables-1.0.3.tar.gz" } ], "1.0.4": [ { "comment_text": "", "digests": { "md5": "a6d1d74b0af32003191868f8459c9395", "sha256": "a2739adaed36579bb8a8509d3fc0eafce6166d6b13b918bcea0bb8775f51aa3f" }, "downloads": -1, "filename": "PyPTables-1.0.4-py3-none-any.whl", "has_sig": false, "md5_digest": "a6d1d74b0af32003191868f8459c9395", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 30851, "upload_time": "2018-11-22T14:42:58", "url": "https://files.pythonhosted.org/packages/f7/d7/ba340c321dc7f189e77d743e5193dec09dd496c6eb0db6fcd98111d5cbf9/PyPTables-1.0.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "be1710491cd9fd306b5a5a4c11e94e3a", "sha256": "f28eaa6230d87235c4a3d69bebfbed830037e656505ea4779d5024d3a431a591" }, "downloads": -1, "filename": "PyPTables-1.0.4.tar.gz", "has_sig": false, "md5_digest": "be1710491cd9fd306b5a5a4c11e94e3a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23543, "upload_time": "2018-11-22T14:42:59", "url": "https://files.pythonhosted.org/packages/a8/dc/2a6309207b5eb774f146e28c8de0b0b106e97bc5a9dba645e6ce06d62571/PyPTables-1.0.4.tar.gz" } ], "1.0.6": [ { "comment_text": "", "digests": { "md5": "79c62aca86563e4ecb760ee622b723b4", "sha256": "b731890043909fa3e6a7bfc8dddf2a34ad6aea1578b1a2de273933e489f718ef" }, "downloads": -1, "filename": "PyPTables-1.0.6-py3-none-any.whl", "has_sig": false, "md5_digest": "79c62aca86563e4ecb760ee622b723b4", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 30865, "upload_time": "2018-11-22T17:16:47", "url": "https://files.pythonhosted.org/packages/18/2c/52952fa2412675a8bcccc7f919aad5d6b87af2768960c682de50fc89e25c/PyPTables-1.0.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ea164330a3db80bb2876ac20b0721c6d", "sha256": "dec29b5b9940b2838a3433b1947482ae2e9d20ba58c557c7a645602d8c30c631" }, "downloads": -1, "filename": "PyPTables-1.0.6.tar.gz", "has_sig": false, "md5_digest": "ea164330a3db80bb2876ac20b0721c6d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23568, "upload_time": "2018-11-22T17:16:49", "url": "https://files.pythonhosted.org/packages/97/c0/bd5e806f6552742a2e2645177eacf4470b3417c7445fe4e1d44881b2f9a5/PyPTables-1.0.6.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "79c62aca86563e4ecb760ee622b723b4", "sha256": "b731890043909fa3e6a7bfc8dddf2a34ad6aea1578b1a2de273933e489f718ef" }, "downloads": -1, "filename": "PyPTables-1.0.6-py3-none-any.whl", "has_sig": false, "md5_digest": "79c62aca86563e4ecb760ee622b723b4", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 30865, "upload_time": "2018-11-22T17:16:47", "url": "https://files.pythonhosted.org/packages/18/2c/52952fa2412675a8bcccc7f919aad5d6b87af2768960c682de50fc89e25c/PyPTables-1.0.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ea164330a3db80bb2876ac20b0721c6d", "sha256": "dec29b5b9940b2838a3433b1947482ae2e9d20ba58c557c7a645602d8c30c631" }, "downloads": -1, "filename": "PyPTables-1.0.6.tar.gz", "has_sig": false, "md5_digest": "ea164330a3db80bb2876ac20b0721c6d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23568, "upload_time": "2018-11-22T17:16:49", "url": "https://files.pythonhosted.org/packages/97/c0/bd5e806f6552742a2e2645177eacf4470b3417c7445fe4e1d44881b2f9a5/PyPTables-1.0.6.tar.gz" } ] }