Latest revision as of 13:23, 29 July 2016

Handling Iptables Manager


The idea behind this blueprint is to create a Python iptables module that implements a generic iptables abstraction. This will be useful for every plugin based on iptables.


This module works with IPv4 and IPv6 and supports both stateless and stateful firewalls.

Proposed Quantum Module Operations

Setting up the module

from quantum.plugins.agent.linux import iptables_manager
iptables = iptables_manager.IptablesManager()

You can use an alternate configuration file by passing config_file='path' when calling IptablesManager.

Adding a filter chain


Adding rule to a filter chain

iptables.ipv4['filter'].add_rule('iptables-ipv4-filter', '-s -j DROP')

Removing rule from a filter chain

iptables.ipv4['filter'].remove_rule('iptables-ipv4-filter', '-s -j DROP')

Empty a chain


Removing a filter chain


Adding a nat chain


Adding rule to a nat chain

iptables.ipv4['nat'].add_rule('PREROUTING', '-d -j iptables-ipv4-nat', wrap=False)
iptables.ipv4['nat'].add_rule('iptables-ipv4-nat', '-i eth0 -p tcp -d --dport 8080 -j REDIRECT --to-port 80')

Removing rule from a nat chain

iptables.ipv4['nat'].remove_rule('iptables-ipv4-nat', '-i eth0 -p tcp -d --dport 8080 -j REDIRECT --to-port 80')
iptables.ipv4['nat'].remove_rule('PREROUTING', '-d -j iptables-ipv4-nat', wrap=False)

Empty a chain


Removing a filter chain


Applying iptables rules