ldx / python-iptables

Python bindings for iptables

changing value of match does not update rule content #311

Closed tomh4x closed 3 years ago

tomh4x commented 3 years ago
```
(Pdb) type(cfddns_chain.rules[x].matches[1])
<class 'iptc.ip4tc.Match'>
(Pdb) cfddns_chain.rules[x].matches[1].comment
'www.google.com'
(Pdb) cfddns_chain.rules[x].matches[1].comment = "something else"
(Pdb) cfddns_chain.rules[x].matches[1].comment
'www.google.com'
(Pdb) 
```

This should just be a string assignment. Digging a bit further...

```
(Pdb) cfddns_chain.rules[x].matches[1].parameters
{'comment': 'www.google.com'}
(Pdb) type(cfddns_chain.rules[x].matches[1].parameters)
<class 'dict'>
(Pdb) cfddns_chain.rules[x].matches[1].parameters = { 'comment': 'something else' }
*** AttributeError: can't set attribute
(Pdb) 
```

I then additionally tried to call iptc.ip4tc.Rule.remove_match(), create a new iptc.Match object and call add_match().

This also threw no errors or exceptions and did not update the comment value. I believe my only work-around is to delete the whole rule and re-insert, but is the match issue something that can be fixed?

I think that is preferable (at least for me) and in line with the overall logic of the rest of the iptc logic, no?

jllorente commented 3 years ago

You need to replace the rule with a new rule:

tomh4x commented 3 years ago

Yes, as stated, that is what I ended up doing. I was asking if code changes on the part of this project would allow for changes to match objects directly.

For example, if one updates the value of iptc.Rule.src with a new address, the netfilter contents instantly reflect this. It just seemed odd to discover that child objects did not also work that way.

Regardless, thank you for responding, and yes, replacing the entire rule did work for me.
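
The workaround the thread settles on (build a new rule and replace the old one at the same position), as an added example that is not code from the thread or from python-iptables itself. The names `rebuild_with_comment`, `replace_comment` and the `rule_cls` parameter are hypothetical, and the sketch assumes plain, non-negated match and target parameters.

```python
def rebuild_with_comment(old_rule, new_comment, rule_cls=None):
    """Return a fresh rule that copies old_rule but carries new_comment."""
    if rule_cls is None:
        # Imported lazily: python-iptables needs libiptc and root to load.
        import iptc
        rule_cls = iptc.Rule
    new_rule = rule_cls()
    # Copy only the header fields that are actually set on the old rule.
    for field in ("src", "dst", "protocol", "in_interface", "out_interface"):
        value = getattr(old_rule, field, None)
        if value:
            setattr(new_rule, field, value)
    # Matches read back from a chain do not propagate attribute writes,
    # so every match is re-created on the new rule instead.
    for match in old_rule.matches:
        copy = new_rule.create_match(match.name)
        for key, value in match.parameters.items():
            if match.name == "comment" and key == "comment":
                value = new_comment
            setattr(copy, key.replace("-", "_"), value)
    # Assumption: the rule has a target and its parameters are simple strings.
    target = new_rule.create_target(old_rule.target.name)
    for key, value in old_rule.target.parameters.items():
        setattr(target, key.replace("-", "_"), value)
    return new_rule


def replace_comment(chain, old_comment, new_comment, rule_cls=None):
    """Replace in place each rule whose comment match equals old_comment.

    Returns the list of 0-based positions that were replaced, so the caller
    can log or audit exactly which firewall rules changed.
    """
    replaced = []
    for position, rule in enumerate(chain.rules):
        has_comment = any(
            m.name == "comment" and m.parameters.get("comment") == old_comment
            for m in rule.matches
        )
        if has_comment:
            new_rule = rebuild_with_comment(rule, new_comment, rule_cls)
            chain.replace_rule(new_rule, position)
            replaced.append(position)
    return replaced
```

Replacing at the same position keeps rule ordering intact, which avoids the window a delete-then-insert sequence would leave with the rule missing from the chain.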