Module sysbot.modules.linux.iptables

Iptables Module

This module provides methods for querying and managing iptables firewall rules on Linux systems, including listing rules, checking chains, and viewing policies.

Classes

class Iptables

Iptables firewall management class for Linux systems.

Methods

def count_rules(self, alias: str, chain: str, table: str = 'filter', **kwargs) -> int

Count the number of rules in a specific chain.

Args

alias
Session alias for the connection.
chain
Chain name (INPUT, OUTPUT, FORWARD, etc.).
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
**kwargs
Additional command execution options.

Returns

Number of rules in the chain.

def get_policy(self, alias: str, chain: str, table: str = 'filter', **kwargs) -> str

Get the default policy for a specific chain.

Args

alias
Session alias for the connection.
chain
Chain name (INPUT, OUTPUT, FORWARD, etc.).
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
**kwargs
Additional command execution options.

Returns

Policy value (ACCEPT, DROP, REJECT).

def list_by_spec(self, alias: str, table: str = 'filter', chain: str = None, **kwargs) -> List[str]

List iptables rules in specification format (as they would be entered).

Args

alias
Session alias for the connection.
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
chain
Optional chain name (INPUT, OUTPUT, FORWARD, etc.).
**kwargs
Additional command execution options.

Returns

List of rule specification strings.

def list_chains(self, alias: str, table: str = 'filter', **kwargs) -> List[str]

List all chains in a specific table.

Args

alias
Session alias for the connection.
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
**kwargs
Additional command execution options.

Returns

List of chain names.

def list_rules(self, alias: str, table: str = 'filter', **kwargs) -> Dict[str, List[Dict[str, str]]]

List all iptables rules for a specific table.

Args

alias
Session alias for the connection.
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
**kwargs
Additional command execution options.

Returns

Dictionary mapping chain names to lists of rule dictionaries.
Each rule dictionary contains: num, pkts, bytes, target, prot, opt, in, out, source, destination.

def list_rules_line_numbers(self, alias: str, table: str = 'filter', chain: str = None, **kwargs) -> Dict[str, List[Dict[str, str]]]

List iptables rules with line numbers for a specific table and optional chain.

Args

alias
Session alias for the connection.
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
chain
Optional chain name (INPUT, OUTPUT, FORWARD, etc.).
**kwargs
Additional command execution options.

Returns

Dictionary mapping chain names to lists of rule dictionaries.
Each rule dictionary contains: num, pkts, bytes, target, prot, opt, in, out, source, destination.

def rule_exists(self, alias: str, chain: str, rule_spec: str, table: str = 'filter', **kwargs) -> bool

Check if a specific rule exists in a chain.

Args

alias
Session alias for the connection.
chain
Chain name (INPUT, OUTPUT, FORWARD, etc.).
rule_spec
Rule specification to check (e.g., "-s 192.168.1.0/24 -j ACCEPT").
table
Table name (filter, nat, mangle, raw, security). Defaults to "filter".
**kwargs
Additional command execution options.

Returns

True if rule exists, False otherwise.

def save_rules(self, alias: str, **kwargs) -> Dict[str, List[str]]

Save current iptables rules using iptables-save.

Args

alias
Session alias for the connection.
**kwargs
Additional command execution options.

Returns

Dictionary mapping table names to lists of rule specifications.
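
Example (added here, not part of the sysbot code base): a default-deny baseline audit that combines get_policy, rule_exists and count_rules as documented above. FakeIptables, audit_baseline, the "host1" alias, the max_rules threshold and the sample rule data are assumptions constructed for illustration; a real Iptables instance with an open session would be passed in place of the stand-in.

```python
# Added example: baseline audit on the documented Iptables methods. FakeIptables
# and its rule data are constructed stand-ins so the block runs offline.
from typing import Dict, List


class FakeIptables:
    """Constructed stand-in exposing the documented method signatures."""

    def __init__(self, policies, rules):
        self._policies = policies  # {(table, chain): policy}
        self._rules = rules        # {(table, chain): [rule_spec, ...]}

    def get_policy(self, alias, chain, table="filter", **kwargs) -> str:
        return self._policies[(table, chain)]

    def rule_exists(self, alias, chain, rule_spec, table="filter", **kwargs) -> bool:
        return rule_spec in self._rules.get((table, chain), [])

    def count_rules(self, alias, chain, table="filter", **kwargs) -> int:
        return len(self._rules.get((table, chain), []))


def audit_baseline(fw, alias: str, required: Dict[str, List[str]],
                   max_rules: int = 50) -> List[str]:
    """Return findings for filter chains that drift from a default-deny baseline."""
    findings = []
    for chain, specs in required.items():
        policy = fw.get_policy(alias, chain)
        if policy != "DROP":
            findings.append(f"{chain}: default policy is {policy}, expected DROP")
        for spec in specs:
            if not fw.rule_exists(alias, chain, spec):
                findings.append(f"{chain}: missing required rule '{spec}'")
        if fw.count_rules(alias, chain) > max_rules:
            findings.append(f"{chain}: more than {max_rules} rules, review for sprawl")
    return findings


# Constructed sample state: INPUT is default-deny but lacks the SSH allow rule,
# and FORWARD is left at ACCEPT.
SAMPLE = FakeIptables(
    policies={("filter", "INPUT"): "DROP", ("filter", "FORWARD"): "ACCEPT"},
    rules={("filter", "INPUT"): ["-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]},
)
BASELINE = {
    "INPUT": ["-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
              "-s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT"],
    "FORWARD": [],
}
```

The page does not state how rule_exists compares specifications, so baseline entries are best written in the same form in which the rules were entered.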