ldx
commented
5 years ago Can you show me some example code?
Closed multun closed 5 years ago
ldx
commented
5 years ago Can you show me some example code?
multun
commented
5 years ago import iptc
filter_table=iptc.Table('filter')
input_chain={c.name: c for c in filter_table.chains}['INPUT']
new_rule = iptc.Rule()
new_rule.src = '1.2.3.4/20'
new_rule.target = iptc.Target(new_rule, "LOG")
input_chain.append_rule(new_rule)That rule seemingly can't be removed using -D:
$ iptables-save | grep 1\.2\.3\.4
-A INPUT -s 1.2.3.4/20 -j LOG
$ iptables -D INPUT -s 1.2.3.4/20 -j LOG
iptables: No chain/target/match by that name.
$ iptables -A INPUT -s 1.2.3.4/20 -j LOG
$ iptables-save | grep 1\.2\..\..
-A INPUT -s 1.2.3.4/20 -j LOG
-A INPUT -s 1.2.0.0/20 -j LOG
$ iptables -D INPUT -s 1.2.3.4/20 -j LOG
jllorente
commented
5 years ago Hi @multun thank you for spotting this! I have submited PR https://github.com/ldx/python-iptables/pull/274 to address this issue.
jllorente
commented
5 years ago The fix is now available in master
When adding a rule with, for example, source subnet src =
10.42.15.12/20, python-iptables doesn't simplify the subnet to10.42.0.0/20, which causes netfilter to brainfart and not match anything at all.Is it somehow intended ?