IPTables::Interface - Perl style wrapper interface for IPTables::libiptc
    use Log::Log4perl qw(:easy);
    Log::Log4perl->easy_init($DEBUG);
    use IPTables::Interface;

    my $table = IPTables::Interface::new('filter');
    my $chain = "chainname";
    $table->create_chain($chain);
    $table->iptables_do_command("-A $chain", "-s 10.0.0.42", "-j ACCEPT");

    # It's important to commit/push back the changes to the kernel
    $table->commit();
This module is a wrapper/shadow interface around IPTables::libiptc.
The purpose of the module is to provide:
The module shadows the functions in IPTables::libiptc; see that module for method documentation.
    my ($policy) = $table->get_policy("chainname");
    my ($policy, $pkt_cnt, $byte_cnt) = $table->get_policy("chainname");

This returns an array containing the default policy, and the number of packets and bytes which have reached the default policy, in the chain chainname. If chainname does not exist, or if it is not a built-in chain, an empty array will be returned, $! will be set to a string containing the reason, and $table->{'success'} == 0.
    my ($success) = $table->set_policy("chainname", "POLICY");
    my ($success, $old_policy) = $table->set_policy("chainname", "POLICY");
    my ($success, $old_policy, $old_pkt_cnt, $old_byte_cnt) =
        $table->set_policy("chainname", "POLICY", $pkt_cnt, $byte_cnt);

This returns an array containing whether the command was successful and the previous default policy. It is also possible to set the counter values (on the built-in chain); this will cause the command to return the previous counter values. The chainname must be a built-in chain name.
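The following script is an added example, not code shipped with IPTables::Interface. It uses only the get_policy/set_policy/commit methods documented above to read the default policy of the built-in chains and move INPUT to a default-deny policy while keeping the previous policy for reference. The chain name my_custom_chain is constructed to show the failure path for a non-built-in chain; the script must run with privileges that allow modifying the kernel tables.

```perl
#!/usr/bin/perl
# Added example (not part of the IPTables::Interface distribution).
# Reads and tightens the default policy of built-in chains using the
# get_policy/set_policy methods described above.
use strict;
use warnings;
use Log::Log4perl qw(:easy);
use IPTables::Interface;

Log::Log4perl->easy_init($WARN);

my $table = IPTables::Interface::new('filter');

# Report the default policy and its counters for one chain.
# On a missing or non-built-in chain get_policy returns an empty list,
# sets $! and leaves $table->{'success'} == 0.
sub report_policy {
    my ($chain) = @_;
    my ($policy, $pkts, $bytes) = $table->get_policy($chain);
    if (!$table->{'success'}) {
        warn "get_policy($chain) failed: $!\n";
        return;
    }
    printf "%-8s policy=%-6s reached by %d packets / %d bytes\n",
        $chain, $policy, $pkts, $bytes;
    return $policy;
}

report_policy('INPUT');
report_policy('FORWARD');
report_policy('my_custom_chain');   # constructed, non-built-in: fails cleanly

# Default-deny on INPUT; set_policy hands back the previous policy so it
# can be logged or restored later.
my ($ok, $old_policy) = $table->set_policy('INPUT', 'DROP');
die "set_policy(INPUT, DROP) failed: $!\n" unless $ok;
print "INPUT policy changed from $old_policy to DROP\n";

# Nothing reaches the kernel until the table is committed.
$table->commit();
```

Because the change only takes effect on commit, a script can inspect all built-in chains first and abort before commit() if any of the get_policy calls fail, leaving the kernel ruleset untouched.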
    @array = $table->list_chains();

Lists all chains.
    @list_of_IPs = $table->list_rules_IPs('type', 'chainname');

This function lists the (rules') source or destination IPs from a given chain. The type is either src or dst for source and destination IPs. The netmask is also listed together with the IPs, separated by a / character. If chainname does not exist, undef is returned.
    $success = $table->iptables_do_command("-A chain", "-s 10.0.0.42");
    $success = $table->iptables_do_command("-I", "chain", "-s 10.0.0.42");

The iptables_do_command method calls the do_command function from iptables.c. This means that the input is the same as the iptables command line arguments. The Perl function automatically splits the input into the separate command line arguments needed by the do_command function.
Rule operations are done through iptables_do_command. The following helper functions are implemented:

    $success = append_rule($chain, $rule, $target);
    $success = insert_rule($chain, $rule, $target);
    $success = delete_rule($chain, $rule, $target);
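The script below is an added example, not part of the module, covering the rule operations and list_rules_IPs described above. It builds a small source-address allow-list chain with the append_rule/insert_rule helpers (assumed here to be called as methods on the table object, like the other documented functions), adds the final DROP and the jump from INPUT with iptables_do_command, commits, and then reads the chain back with list_rules_IPs. The chain name mgmt_allow, the 192.0.2.0/24 and 203.0.113.7 addresses and the port are constructed values.

```perl
#!/usr/bin/perl
# Added example (not part of the IPTables::Interface distribution).
# Builds an allow-list chain with the rule helpers and reads it back.
use strict;
use warnings;
use Log::Log4perl qw(:easy);
use IPTables::Interface;

Log::Log4perl->easy_init($INFO);

my $table = IPTables::Interface::new('filter');
my $chain = 'mgmt_allow';    # constructed chain name

# Create the chain only if list_chains() does not already report it.
my %have = map { $_ => 1 } $table->list_chains();
$table->create_chain($chain) unless $have{$chain};

# Helpers take (chain, rule, target) and return $success.
# append_rule adds at the end, insert_rule at the top of the chain.
$table->append_rule($chain, '-s 192.0.2.10/32', 'ACCEPT')
    or die "append_rule failed: $!\n";
$table->append_rule($chain, '-s 192.0.2.0/24',  'ACCEPT')
    or die "append_rule failed: $!\n";
$table->insert_rule($chain, '-s 203.0.113.7/32', 'ACCEPT')
    or die "insert_rule failed: $!\n";

# Everything else reaching the chain is dropped; the arguments are the
# plain iptables command line, split into separate arguments by the module.
$table->iptables_do_command("-A $chain", '-j DROP')
    or die "iptables_do_command failed: $!\n";

# Send inbound SSH (constructed port choice) through the allow-list chain.
$table->iptables_do_command('-I INPUT', '-p tcp --dport 22', "-j $chain")
    or die "iptables_do_command failed: $!\n";

# Push the whole ruleset to the kernel in one step.
$table->commit();

# Read the source addresses back; each entry is "ip/netmask".
# list_rules_IPs returns undef if the chain does not exist, so drop
# undefined entries before printing.
my @ips = grep { defined } $table->list_rules_IPs('src', $chain);
print "$chain allows source $_\n" for @ips;

# delete_rule takes the same (chain, rule, target) triple as append_rule,
# so a rule added above can be removed again with e.g.
#   $table->delete_rule($chain, '-s 192.0.2.0/24', 'ACCEPT');
```

Reading the chain back with list_rules_IPs after commit() is a cheap way for a provisioning script to verify that the allow-list in the kernel matches what it intended to load.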
Depends on: IPTables::libiptc, Log::Log4perl, Time::HiRes, IPTables::Interface::Lock.
See also: documentation of the module IPTables::libiptc.
Jesper Dangaard Brouer, <hawk@comx.dk> or <hawk@diku.dk>.
$LastChangedDate: 2009-11-12 16:06:07 +0100 (Thu, 12 Nov 2009) $ $Revision: 1001 $ $LastChangedBy: jdb $
Copyright (C) 2006 by Jesper Dangaard Brouer
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.