معرفی شرکت ها

PyPTables-1.0.7

Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
1.0.7
1.0.6
1.0.4
1.0.7
1.0.6
1.0.4
1.0.3

توضیحات

Python package for generating Linux iptables configurations.
ویژگی مقدار
سیستم عامل POSIX :: Linux
نام فایل PyPTables-1.0.7
نام PyPTables
نسخه کتابخانه 1.0.7
نگهدارنده []
ایمیل نگهدارنده []
نویسنده Jamie Cockburn
ایمیل نویسنده jamie_cockburn@hotmail.co.uk
آدرس صفحه اصلی https://github.com/daggaz/python-pyptables
آدرس اینترنتی https://pypi.org/project/PyPTables/
مجوز LICENSE.txt
================ python-pyptables ================ Python package for generating Linux iptables configurations. ************** About Iptables ************** Iptables is part of the Linux kernel, and is responsible for network packet filtering and manipulation. It is commonly used for building Linux-based firewalls. As packets traverse the Linux network stack, the kernel uses the rules defined in iptables decide what to do with the packet. Using iptables involves configuring the rules that are contained in iptables. Each table is composed of chains of rules. Chains come in two flavours: built-in and user-defined. A built-in chain is an entry point into the iptables rule set that is consulted by the kernel when packet reaches at a certain point in the Linux networking stack. For example, the ``tables['filter']['OUTPUT']`` chain is consulted when a local process on the machine generates an outgoing packet.and each table/chain is consulted at different points in the network stack. User-defined chains are only consulted if called from one of the built-in chains (or from another user chain the is called from a built-in chain). Chains are then made up of an ordered set of rules. A rule is composed of a set matching parameters (e.g. protocol, destination IP address/port, and many more), and an action (e.g. allow, drop, reject, log, modify the packet). When ever a packet matches a rule, the corresponding action is taken. *************** About PyPTables *************** PyPTables is a python package to allow the generation of a set of iptables rules from a python script. Basic usage =========== The following code will create a simple set of rules for a stateful firewall allowing only HTTP, HTTPS and DNS traffic to be routed though the box: :: from pyptables import default_tables, restore from pyptables.rules import Rule, Accept # get a default set of tables and chains tables = default_tables() # get the forward chain of the filter tables forward = tables['filter']['FORWARD'] # any packet matching an established connection should be allowed forward.append(Accept(match='conntrack', ctstate='ESTABLISHED') # add rules to the forward chain for DNS, HTTP and HTTPS ports forward.append(Accept(proto='tcp', dport='53')) forward.append(Accept(proto='tcp', dport='80')) forward.append(Accept(proto='tcp', dport='443')) # any packet not matching a rules will be dropped forward.policy = Rule.DROP Rules in this case are added to the iptables ``filter`` table (for packet filtering), in the ``FORWARD`` chain (for routed or bridged packets, going to and from external sources). You can write the resulting rules into the kernel with the restore function: :: restore(tables) Or you can use the ``tables.to_iptables()`` function to generate the resulting iptables commands as a string. Tables ====== The top-level container in PyPTables is the ``Tables`` class, which represents a collection of iptables (i.e. filter, mangle, nat). For the most part, you will want to start with a call to ``default_tables()``, which will create a basic structure of tables and chains that represent the built-in tables and chains available in the Linux kernel. ``Tables`` is a dictionary-like structure, and is indexable by table name using the ``[]`` operator: :: tables = default_tables() table = tables['filter'] An individual table is represented by the ``Table`` class, with contains a collection of chains (i.e. INPUT, OUTPUT, FORWARD). This is also a dictionary-like structure, and is indexable by chain name using the ``[]`` operator: :: chain = tables['filter']['INPUT'] Chains ====== Chains hold an ordered list of rules. As mentioned earlier, chains come in two flavours: built-in and user. In PyPTables, these are represented by the ``BuiltinChain`` and ``UserChain`` classes respectively. The only difference between ``BuiltinChain`` and ``UserChain`` chain is that a ``BuiltinChain`` has as default policy, which is enacted when no rule in the chain has matched and dealt with the packet. The ``Chain`` classes are list-like structures, and most standard python list operations can be used on them (i.e. ``append(rule)``, ``remove(rule)``, ``insert(rule, position)``) for example: :: tables['filter']['INPUT'].append(Rule(...)) tables['filter']['INPUT'].insert(Rule(...), 0) For illustration of how the ``Tables``, ``Table`` and ``BuiltinChain`` classes are used, here is the code that implements ``default_tables()``: :: def default_tables(): """Generate a set of iptables containing all the default tables and chains""" return Tables(Table('filter', BuiltinChain('INPUT', 'ACCEPT'), BuiltinChain('FORWARD', 'ACCEPT'), BuiltinChain('OUTPUT', 'ACCEPT'), ), Table('nat', BuiltinChain('PREROUTING', 'ACCEPT'), BuiltinChain('OUTPUT', 'ACCEPT'), BuiltinChain('POSTROUTING', 'ACCEPT'), ), Table('mangle', BuiltinChain('PREROUTING', 'ACCEPT'), BuiltinChain('INPUT', 'ACCEPT'), BuiltinChain('FORWARD', 'ACCEPT'), BuiltinChain('OUTPUT', 'ACCEPT'), BuiltinChain('POSTROUTING', 'ACCEPT'), ), ) You can of course choose not to use the ``default_tables()`` function, and create the basic tables structure yourself. This would be needed if for example you want to use ip6tables, or use non-standard tables. User chains ----------- The ``UserChain`` class can be used to define user-defined chains. :: chain = UserChain('test_chain', comment='A user chain') chain.append(Rule(i='eth0', s='1.1.2.1', d__not='1.1.1.2', jump='DROP', comment='A Rule')) User-defined chains can be referenced to from the built-in chain via a jump (and others similar constructs). :: tables = default_tables() tables['filter'].append(chain) tables['filter']['INPUT'].append(Jump(chain)) Rules ===== The ``Rule`` class represents an actual iptables rule. Rules are created using a simple, pythonic syntax, and can then be added to a chain. For example, the following call will produce a rule which matches traffic destined for tcp port 22 (SSH) and rejects it: :: reject_ssh = Rule(proto='tcp', dport='22', jump='REJECT') We can then add that to the INPUT chain of the filter tables, to prevent access to SSH port on the local machine. :: tables['filter']['INPUT'].append(reject_ssh) This would result in the following iptables commands being produced: :: * filter ... -A INPUT -p tcp -j REJECT --dport 22 ... There are various types of rule already defined that provide defaults for various common parameters. For example, the common jump targets (ACCEPT, DROP, REJECT, etc) already have handy predefined rules with the ``jump`` parameter already set. Using these above could be written: :: from pyptables.rules import Reject reject_ssh = Reject(proto='tcp', dport='22') You can define new types of rule yourself, for example, you could create an SSH type for matching SSH packets, and use it in various ways: :: SSH = Rule(proto='tcp', dport='22') tables['filter']['INPUT'].append(SSH(jump='ACCEPT', source='1.1.1.1', comment='Allow SSH from my workstation')) tables['filter']['INPUT'].append(SSH(jump='REJECT', comment='Prevent any other access to local SSH')) tables['filter']['FORWARD'].append(SSH(jump='REJECT', comment='Don't route any SSH traffic ')) This would result in the following iptables configuration being generated: :: ############################################################################### # filter table (/blocker/share/python/iptables/__init__.py:14 default_tables) # ############################################################################### *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] # Builtin Chain "INPUT" (/blocker/share/python/iptables/__init__.py:12 default_tables)" # Rule: Allow access to local SSH from my workstation (<stdin>:1 <module>) -A INPUT -p tcp -s 1.1.1.1 -j ACCEPT --dport 22 -m comment --comment "Allow SSH from my workstation" # Rule: Prevent any other access to local SSH (<stdin>:1 <module>) -A INPUT -p tcp -j REJECT --dport 22 -m comment --comment "Prevent any other access to local SSH" # Builtin Chain "FORWARD" (/blocker/share/python/iptables/__init__.py:13 default_tables)" # Rule: Prevent any SSH traffic being routed through this box (<stdin>:1 <module>) -A FORWARD -p tcp -j REJECT --dport 22 -m comment --comment "Don't route any SSH traffic" # Builtin Chain "OUTPUT" (/blocker/share/python/iptables/__init__.py:14 default_tables)" # No rules Higher-Level Rules ================== TODO ***** Build ***** :: cd ~/sources/python-pyptables/ python3 -m venv ~/build/ . ~/build/bin/activate pip install --upgrade build twine python -m build twine upload dist/* *********** Issues/Bugs *********** Any issues or bug reports, please contact `jamie_cockburn@hotmail.co.uk <mailto:jamie_cockburn@hotmail.co.uk>`_


نیازمندی

مقدار نام
- six
- nose
- coverage


نحوه نصب


نصب پکیج whl PyPTables-1.0.7:

    pip install PyPTables-1.0.7.whl


نصب پکیج tar.gz PyPTables-1.0.7:

    pip install PyPTables-1.0.7.tar.gz