0
# IPv4 Tables and Chains
1
2
Core functionality for managing iptables tables and chains in IPv4 networks. This module provides the foundation for all iptables operations, including table access, chain creation and management, and policy configuration.
3
4
## Capabilities
5
6
### Table Management
7
8
Tables are the top-level containers in iptables that organize chains by their primary function. Each table serves a specific purpose in the packet processing pipeline.
9
10
```python { .api }
11
class Table:
12
"""
13
Represents an iptables table (filter, nat, mangle, raw, security).
14
15
Class Constants:
16
- FILTER: "filter" - Default table for filtering packets
17
- NAT: "nat" - Network Address Translation table
18
- MANGLE: "mangle" - Packet alteration table
19
- RAW: "raw" - Raw packet processing table
20
- SECURITY: "security" - SELinux security table
21
- ALL: List of all available table names
22
"""
23
FILTER: str
24
NAT: str
25
MANGLE: str
26
RAW: str
27
SECURITY: str
28
ALL: list
29
30
def __init__(self, name: str, autocommit: bool = None):
31
"""
32
Initialize a Table object.
33
34
Args:
35
name: Table name (use Table constants)
36
autocommit: Enable automatic commits (default: True)
37
"""
38
39
@property
40
def autocommit(self) -> bool:
41
"""Whether operations are automatically committed"""
42
43
@autocommit.setter
44
def autocommit(self, value: bool) -> None:
45
"""Set autocommit behavior"""
46
47
@property
48
def chains(self) -> list:
49
"""List of Chain objects in this table"""
50
51
def commit(self) -> None:
52
"""Commit pending operations to kernel"""
53
54
def refresh(self) -> None:
55
"""Refresh table state from kernel"""
56
57
def close(self) -> None:
58
"""Close connection handle"""
59
60
def create_chain(self, chain: str) -> 'Chain':
61
"""
62
Create a new chain in this table.
63
64
Args:
65
chain: Chain name
66
67
Returns:
68
Chain object for the new chain
69
"""
70
71
def delete_chain(self, chain: str) -> None:
72
"""
73
Delete a chain from this table.
74
75
Args:
76
chain: Chain name or Chain object
77
"""
78
79
def flush_entries(self, chain: str) -> None:
80
"""
81
Remove all rules from a chain.
82
83
Args:
84
chain: Chain name
85
"""
86
87
def is_chain(self, chain: str) -> bool:
88
"""
89
Check if chain exists in this table.
90
91
Args:
92
chain: Chain name
93
94
Returns:
95
True if chain exists
96
"""
97
98
def builtin_chain(self, chain: str) -> bool:
99
"""
100
Check if chain is a built-in chain.
101
102
Args:
103
chain: Chain name
104
105
Returns:
106
True if chain is built-in
107
"""
108
109
def zero_entries(self, chain: str) -> None:
110
"""
111
Zero all packet and byte counters in a chain.
112
113
Args:
114
chain: Chain name
115
"""
116
117
def rename_chain(self, old_name: str, new_name: str) -> None:
118
"""
119
Rename a chain in this table.
120
121
Args:
122
old_name: Current chain name
123
new_name: New chain name
124
"""
125
```
126
127
### Chain Management
128
129
Chains are containers for rules within a table. They define the order in which rules are processed and can have default policies for unmatched packets.
130
131
```python { .api }
132
class Chain:
133
"""
134
Represents a chain within an iptables table.
135
"""
136
137
def __init__(self, table: Table, name: str):
138
"""
139
Initialize a Chain object.
140
141
Args:
142
table: Parent Table object
143
name: Chain name
144
"""
145
146
@property
147
def name(self) -> str:
148
"""Chain name"""
149
150
@property
151
def table(self) -> Table:
152
"""Parent Table object"""
153
154
@property
155
def rules(self) -> list:
156
"""List of Rule objects in this chain"""
157
158
def append_rule(self, rule: 'Rule') -> None:
159
"""
160
Add rule to end of chain.
161
162
Args:
163
rule: Rule object to add
164
"""
165
166
def insert_rule(self, rule: 'Rule', position: int = 0) -> None:
167
"""
168
Insert rule at specific position.
169
170
Args:
171
rule: Rule object to insert
172
position: Position to insert at (0 = beginning)
173
"""
174
175
def delete_rule(self, rule: 'Rule') -> None:
176
"""
177
Remove rule from chain.
178
179
Args:
180
rule: Rule object to remove
181
"""
182
183
def flush(self) -> None:
184
"""Remove all rules from chain"""
185
186
def set_policy(self, policy: str, counters: tuple = None) -> None:
187
"""
188
Set default policy for chain.
189
190
Args:
191
policy: Policy name (ACCEPT, DROP, QUEUE, RETURN)
192
counters: Optional (packets, bytes) counters
193
"""
194
195
def get_policy(self) -> tuple:
196
"""
197
Get current policy and counters.
198
199
Returns:
200
Tuple of (policy_name, (packets, bytes))
201
"""
202
203
def is_builtin(self) -> bool:
204
"""
205
Check if this is a built-in chain.
206
207
Returns:
208
True if built-in chain
209
"""
210
211
def get_counters(self) -> tuple:
212
"""
213
Get packet and byte counters for this chain.
214
215
Returns:
216
Tuple of (packets, bytes)
217
"""
218
219
def zero_counters(self) -> None:
220
"""Zero packet and byte counters for this chain"""
221
222
def rename(self, new_name: str) -> None:
223
"""
224
Rename this chain.
225
226
Args:
227
new_name: New chain name
228
"""
229
```
230
231
### Table Availability
232
233
Function to check which tables are available in the current kernel configuration.
234
235
```python { .api }
236
def is_table_available(name: str) -> bool:
237
"""
238
Check if specified table is available in kernel.
239
240
Args:
241
name: Table name to check
242
243
Returns:
244
True if table is available
245
"""
246
```
247
248
## Usage Examples
249
250
### Creating and Managing Tables
251
252
```python
253
import iptc
254
255
# Access the filter table
256
table = iptc.Table(iptc.Table.FILTER)
257
258
# Check if table is available first
259
if iptc.is_table_available("mangle"):
260
mangle_table = iptc.Table(iptc.Table.MANGLE)
261
262
# Disable autocommit for batch operations
263
table.autocommit = False
264
# ... perform multiple operations ...
265
table.commit()
266
table.autocommit = True
267
```
268
269
### Chain Operations
270
271
```python
272
import iptc
273
274
table = iptc.Table(iptc.Table.FILTER)
275
276
# Create a custom chain
277
custom_chain = table.create_chain("my_custom_chain")
278
279
# Access built-in chains
280
input_chain = iptc.Chain(table, "INPUT")
281
output_chain = iptc.Chain(table, "OUTPUT")
282
283
# Set chain policy
284
input_chain.set_policy(iptc.Policy.DROP)
285
286
# Check policy
287
policy, counters = input_chain.get_policy()
288
print(f"Policy: {policy}, Packets: {counters[0]}, Bytes: {counters[1]}")
289
290
# List all chains in table
291
for chain in table.chains:
292
print(f"Chain: {chain.name}, Builtin: {chain.is_builtin()}")
293
294
# Flush chain (remove all rules)
295
custom_chain.flush()
296
297
# Delete custom chain
298
table.delete_chain("my_custom_chain")
299
```
300
301
### Error Handling
302
303
```python
304
import iptc
305
306
try:
307
# Try to access a table that might not exist
308
table = iptc.Table("nonexistent")
309
except iptc.IPTCError as e:
310
print(f"Table access failed: {e}")
311
312
try:
313
table = iptc.Table(iptc.Table.FILTER)
314
# Try to create a chain that already exists
315
table.create_chain("INPUT") # INPUT is built-in
316
except iptc.IPTCError as e:
317
print(f"Chain creation failed: {e}")
318
```