Pyptables

From VyOS Wiki

Pyptables is the codename for the netfilter rule generator library.

It is supposed to produce output in an iptables-restore compatible format.

Overall architecture

Base classes:

  • Chain (maps to xtables chain)
    • FilterChain
    • NatChain
    • MangleChain
    • ...
  • Rule (maps to xtables rule)
    • FilterRule
    • NatRule
    • MangleRule
    • ...

Chain methods

  • insert(Rule)
  • append(Rule)
  • ...

Rule methods

We need to identify the least common denominator between all xtables to decide which methods to add.

  • add_condition(match_type, match_arguments) -- generic xtables condition without checking, also used internally by high-level methods
  • set_source_interface(iface_name)
  • set_destination_interface(iface_name)
  • set_source_address(address_string)
  • ...
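
A minimal sketch of the design outlined above, added here as an illustration and not taken from the VyOS code base: rules are collected in chains and rendered as iptables-restore input, with the high-level setters validating their arguments before handing them to the unchecked add_condition(), since every token ends up verbatim in a line that iptables-restore parses. Assumptions not on the page: render(), render_table(), demo(), passing None as match_type for built-in options such as -i and -s, and the interface-name pattern.

```python
import ipaddress
import re

IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # assumed policy; kernel names are at most 15 chars

class Rule:
    def __init__(self, target):
        self.target, self.tokens = target, []
    def add_condition(self, match_type, match_arguments):
        # Generic and unchecked: the caller is responsible for every token.
        if match_type:  # assumption: None means a built-in option, not a -m match
            self.tokens += ["-m", match_type]
        self.tokens += list(match_arguments)
        return self
    def set_source_interface(self, iface_name):
        # fullmatch rejects whitespace and newlines that would start a new rule line
        if not IFACE_RE.fullmatch(iface_name):
            raise ValueError(f"bad interface name: {iface_name!r}")
        return self.add_condition(None, ["-i", iface_name])
    def set_source_address(self, address_string):
        net = ipaddress.ip_network(address_string, strict=False)  # ValueError if malformed
        return self.add_condition(None, ["-s", str(net)])
    def render(self, chain_name):
        return " ".join(["-A", chain_name, *self.tokens, "-j", self.target])

class FilterRule(Rule):
    pass

class Chain:
    def __init__(self, name, policy="-"):  # "-" marks a user-defined chain
        self.name, self.policy, self.rules = name, policy, []
    def insert(self, rule):
        self.rules.insert(0, rule)  # evaluated first
    def append(self, rule):
        self.rules.append(rule)

class FilterChain(Chain):
    table = "filter"

def render_table(chains):
    # One table section: header, chain declarations, rules in order, COMMIT.
    lines = [f"*{chains[0].table}"]
    lines += [f":{c.name} {c.policy} [0:0]" for c in chains]
    lines += [r.render(c.name) for c in chains for r in c.rules]
    return "\n".join(lines + ["COMMIT"]) + "\n"

def demo():
    chain = FilterChain("INPUT", policy="DROP")
    chain.append(FilterRule("ACCEPT").set_source_interface("eth0").set_source_address("192.0.2.0/24"))
    chain.insert(FilterRule("ACCEPT").add_condition("conntrack", ["--ctstate", "ESTABLISHED,RELATED"]))
    return render_table([chain])
```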