ipmininet.router.config.iptables module

This module defines IP(6)Table configuration. Due to the current (sad) state of affairs of IPv6, one is required to explicitly make two different daemon instances, one to manage iptables, one to manage ip6tables …

class ipmininet.router.config.iptables.IP6Tables(node, **kwargs)

Bases: ipmininet.router.config.iptables.IPTables

The IPv6 counterpart to iptables …

Parameters:
  • node – The node for which we build the config
  • kwargs – Pre-set options for the daemon, see defaults()
NAME = 'ip6tables'

class ipmininet.router.config.iptables.IPTables(node, **kwargs)

Bases: ipmininet.router.config.base.Daemon

iptables: the default Linux firewall/ACL engine for IPv4. This is currently mainly a proxy class to generate a list of static rules to pass to iptables.

As such, see man iptables and man iptables-extensions to see the various table names, commands, pre-existing chains, …

Parameters:
  • node – The node for which we build the config
  • kwargs – Pre-set options for the daemon, see defaults()
NAME = 'iptables'

build()

Build the configuration tree for this daemon

Returns: ConfigDict-like object describing this configuration

dry_run

The startup line to use to check that the daemon is well-configured

set_defaults(defaults)

Parameters:
  • rules – The (ordered) list of iptables rules that should be executed. If a rule is an iterable of strings, these will be joined using a space.

startup_line

Return the corresponding startup_line for this daemon

class ipmininet.router.config.iptables.Rule(*args, **kw)

Bases: object

A wrapper to represent an IPTable rule

Parameters:
  • args – the rule members, which will be joined by a whitespace
  • table – Specify the table in which the rule should be installed. Defaults to filter.
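
The rules list is ordered and iptables evaluates a chain first-match, so a rule appended after an unconditional DROP/ACCEPT never fires. The following is an added standalone sketch, not ipmininet's own code: StaticRule, normalise, to_commands and shadowed are hypothetical names that model the documented joining and table default, then flag such unreachable rules before the list is handed to the daemon.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal


class StaticRule:
    """Hypothetical stand-in for the documented Rule wrapper (not ipmininet code)."""

    def __init__(self, *args, table="filter"):
        self.table = table                          # documented default: filter
        self.argv = shlex.split(" ".join(args))     # members joined by a space


def normalise(rule):
    """Accept a StaticRule, a plain string, or an iterable of strings."""
    if isinstance(rule, StaticRule):
        return rule
    return StaticRule(rule) if isinstance(rule, str) else StaticRule(*rule)


def to_commands(rules, binary="iptables"):
    """Ordered argv lists; the `-t <table>` form is this sketch's assumption."""
    return [[binary, "-t", r.table] + r.argv for r in map(normalise, rules)]


def shadowed(rules):
    """Rules appended after an unconditional terminal rule in the same chain."""
    # Only -A/--append is modelled; -I, -F and chain policies are out of scope.
    closed, dead = set(), []
    for r in map(normalise, rules):
        a = r.argv
        if len(a) < 2 or a[0] not in ("-A", "--append"):
            continue
        key = (r.table, a[1])
        if key in closed:
            dead.append(" ".join(a))
        elif len(a) == 4 and a[2] in ("-j", "--jump") and a[3] in TERMINAL:
            closed.add(key)
    return dead


# Constructed sample rule list, mixing the three accepted forms.
RULES = [
    "-A INPUT -i lo -j ACCEPT",
    ("-A", "INPUT", "-p tcp --dport 22", "-j ACCEPT"),
    "-A INPUT -j DROP",
    "-A INPUT -p tcp --dport 179 -j ACCEPT",  # unreachable: follows the DROP
    StaticRule("-A POSTROUTING -o eth0 -j MASQUERADE", table="nat"),
]
```

Passing binary="ip6tables" to to_commands mirrors the separate IPv6 daemon instance the module requires; the same rule list is not applied to both families automatically.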