我想用 Python 编写一个 iptables 脚本。我不想调用 iptables 本身,而是想使用 python-iptables 包。然而,我很难设置一些基本规则。我想使用过滤器链来接受端口 1234 上传入的 TCP 流量。所以我这样写:
import iptc
chain = iptc.Chain(iptc.TABLE_FILTER,"INPUT")
rule = iptc.Rule()
target = iptc.Target(rule,"ACCEPT")
match = iptc.Match(rule,'tcp')
match.dport='1234'
rule.add_match(match)
rule.target = target
chain.insert_rule(rule)
但是,当我运行这个时,我得到了这个:
Traceback (most recent call last):
File "testing.py", line 9, in <module>
chain.insert_rule(rule)
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1133, in insert_rule
self.table.insert_entry(self.name, rbuf, position)
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1166, in new
obj.refresh()
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1230, in refresh
self._free()
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1224, in _free
self.commit()
File "/usr/local/lib/python2.6/dist-packages/iptc/__init__.py", line 1219, in commit
raise IPTCError("can't commit: %s" % (self.strerror()))
iptc.IPTCError: can't commit: Invalid argument
Exception AttributeError: "'NoneType' object has no attribute 'get_errno'" in <bound method Table.__del__ of <iptc.Table object at 0x7fcad56cc550>> ignored
有没有人有 python-iptables 的经验可以启发我做错了什么?
最佳答案
哦,刚刚注意到这个。能给个github的最新头像吗?一枪?我修复了大量错误并更新了 python-iptables 以使用最新的 iptables 版本。如果您仍然遇到问题,请通过 github 开具票证.
有一件事肯定不太正确,那就是您没有在规则中设置协议(protocol):
import iptc
chain = iptc.Chain(iptc.TABLE_FILTER,"INPUT")
rule = iptc.Rule()
设置协议(protocol),例如这里:
rule.protocol = 'tcp'
然后你应该就没事了:
target = iptc.Target(rule,"ACCEPT")
match = iptc.Match(rule,'tcp')
match.dport='1234'
rule.add_match(match)
rule.target = target
chain.insert_rule(rule)
关于python-iptables : Cryptic error when allowing incoming TCP traffic on port 1234,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13789542/