Difference between revisions of "Quantum-iptables-manager"
Line 14: | Line 14: | ||
= Proposed Quantum Module Operations = | = Proposed Quantum Module Operations = | ||
+ | |||
+ | Setting up the module | ||
+ | |||
+ | <pre><nowiki>#! | ||
+ | from quantum.plugins.agent.linux import iptables_manager | ||
+ | iptables = iptables_manager.IptablesManager() | ||
+ | </nowiki></pre> | ||
+ | |||
+ | You can use an alternate configuration file calling the [[IptablesManager]] using the config_file='path' | ||
Adding a filter chain | Adding a filter chain | ||
<pre><nowiki>#!highlight python | <pre><nowiki>#!highlight python | ||
− | |||
− | |||
iptables.ipv4['filter'].add_chain('iptables-ipv4-chain') | iptables.ipv4['filter'].add_chain('iptables-ipv4-chain') | ||
+ | </nowiki></pre> | ||
+ | |||
+ | |||
+ | Adding rule to a filter chain | ||
+ | |||
+ | <pre><nowiki>#!highlight python | ||
+ | iptables.ipv4['filter'].add_rule('iptables-ipv4-chain', '-s 192.168.0.3 -j DROP') | ||
</nowiki></pre> | </nowiki></pre> |
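Review bot: the added "Setting up the module" block opens with a bare `#!` where the two later blocks use `#!highlight python`, so the stray `#!` ends up in front of the import instead of selecting a highlighter; make it `#!highlight python` to match. The new sentence about config_file='path' would be easier to follow with the constructor call written out next to it, and the new heading "Adding rule to a filter chain" should read "Adding a rule to a filter chain".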
Revision as of 22:12, 29 May 2012
- Git Branch: https://github.com/locaweb/quantum
Handling Iptables Manager
Abstract
The idea behind this blueprint is to create a Python iptables module that implements a generic iptables abstraction. This will be useful for every plugin based on iptables.
Summary
This module works with IPv4 and IPv6 and supports the use of stateless or stateful firewalls.
Proposed Quantum Module Operations
Setting up the module
    from quantum.plugins.agent.linux import iptables_manager
    iptables = iptables_manager.IptablesManager()
To use an alternate configuration file, pass config_file='path' when calling IptablesManager.
Adding a filter chain
    iptables.ipv4['filter'].add_chain('iptables-ipv4-chain')
Adding a rule to a filter chain
    iptables.ipv4['filter'].add_rule('iptables-ipv4-chain', '-s 192.168.0.3 -j DROP')
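As an added illustration (not code from this blueprint or from Quantum), the sketch below models the add_chain and add_rule calls shown above with hypothetical `Manager` and `Table` classes, assuming the rules are eventually written out as iptables-restore input. It shows two checks such an abstraction can make before a free-form rule string reaches the rule set: the rule must be a single line, and any -s/-d address must match the table's IP version.

```python
# Added illustration: hypothetical stand-in classes, not the Quantum module.
import ipaddress
import shlex


class Table:
    """One iptables table (e.g. 'filter') holding user-defined chains."""

    def __init__(self, name, version):
        self.name, self.version = name, version
        self.chains = {}  # chain name -> list of rule strings

    def add_chain(self, chain):
        self.chains.setdefault(chain, [])

    def add_rule(self, chain, rule):
        if chain not in self.chains:
            raise KeyError("unknown chain: %s" % chain)
        # A newline would smuggle a second line into the restore input.
        if "\n" in rule or "\r" in rule:
            raise ValueError("rule must be a single line")
        args = shlex.split(rule)
        # Every -s/-d operand must be an address of this table's IP version.
        for flag, value in zip(args, args[1:]):
            if flag in ("-s", "-d"):
                net = ipaddress.ip_network(value, strict=False)
                if net.version != self.version:
                    raise ValueError("IPv%d address in IPv%d table"
                                     % (net.version, self.version))
        self.chains[chain].append(rule)

    def render(self):
        """Return the table as iptables-restore style text."""
        lines = ["*%s" % self.name]
        lines += [":%s - [0:0]" % c for c in self.chains]
        lines += ["-A %s %s" % (c, r)
                  for c, rules in self.chains.items() for r in rules]
        return "\n".join(lines + ["COMMIT"]) + "\n"


class Manager:
    """Mirrors the ipv4[...] / ipv6[...] access pattern used on this page."""

    def __init__(self):
        self.ipv4 = {"filter": Table("filter", 4)}
        self.ipv6 = {"filter": Table("filter", 6)}
```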