IPTables::libiptc(3)   User Contributed Perl Documentation   IPTables::libiptc(3)

NAME
    IPTables::libiptc - Perl extension for iptables libiptc

SYNOPSIS
        use IPTables::libiptc;

        $table = IPTables::libiptc::init('filter');

        $table->create_chain("mychain");

        # It's important to commit/push back the changes to the kernel
        $table->commit();

DESCRIPTION
    This package provides a Perl interface to the netfilter/iptables C code
    and the library "libiptc".

    Advantages of this module: many rule changes can be done very fast, and
    several rule changes are committed atomically.

    This module is heavily inspired by the CPAN module IPTables-IPv4. That
    module could not be used because it has not been kept up to date with
    the newest iptables extensions. This is a result of its design: it
    contains every extension itself and thus has to port each of them
    individually.

    This package takes another approach: it links with the system's
    libiptc.a library and depends on dynamic loading of the iptables
    extensions available on the system.

    The module only exports the libiptc chain manipulation functions. All
    rule manipulations are done through the iptables.c "do_command"
    function. As iptables.c is not built as a library, the package
    unfortunately needs to maintain/contain a copy of this C file.

  Iptables kernel to userspace design
    The reasoning behind making this module comes from how
    iptables/libiptc communicate with the kernel. iptables/libiptc
    transfer the entire ruleset from the kernel to userspace, make the
    changes there, and transfer the entire ruleset back again.

    This is a fairly large operation when only a single rule changes, yet
    that is exactly what every invocation of the iptables command does.

    With this in mind it makes sense to make several changes before
    committing them (the entire ruleset) back to the kernel. That is the
    behaviour and purpose of this Perl module.

    This is also what makes many rule changes so fast, and what gives the
    property that several rule changes are committed atomically: the
    kernel keeps running the old ruleset until commit() replaces it with
    the new one as a whole. The flip side is that commit() pushes back the
    whole copy held by the handle, so any change another process made to
    the same table between init() and commit() is overwritten; keep the
    window between the two short.


METHODS
    Most methods will return 1 for success, or 0 for failure (and on
    failure, set $! to a string describing the reason for the failure).
    Unless otherwise noted, you can assume that all methods use this
    convention.

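    The batching described under "Iptables kernel to userspace design",
    together with the 1/0 and $! return convention above, as an added
    example (not code from the module or its author): a helper feeds a
    whole list of iptables commands to one table handle and only calls
    commit() if every command succeeded, so the running kernel ruleset is
    either fully updated or left untouched. The chain name ssh_guard and
    the sample commands are constructed for the example; wrapping
    iptables_do_command in eval is a defensive assumption, since the page
    only documents the return value.

```perl
#!/usr/bin/perl
# Added example: apply a batch of rule changes as one kernel round-trip.
# Not part of the IPTables::libiptc distribution. Must run as root.
use strict;
use warnings;
use IPTables::libiptc;

my $CHAIN = 'ssh_guard';    # constructed name for this example

# Constructed sample batch. Each entry is one iptables argument vector
# (without the program name), the shape iptables_do_command takes.
my @batch = (
    ['-F', $CHAIN],
    ['-A', $CHAIN, '-s', '192.0.2.0/24', '-j', 'ACCEPT'],
    ['-A', $CHAIN, '-m', 'conntrack', '--ctstate', 'ESTABLISHED', '-j', 'ACCEPT'],
    ['-A', $CHAIN, '-j', 'DROP'],
);

# Run every command against the userspace copy of the ruleset; commit only
# when all of them succeeded. Returns the number of commands committed, or
# 0 after reporting the first failure, in which case the kernel ruleset is
# exactly as it was because nothing was pushed back.
sub apply_atomically {
    my ($table, @cmds) = @_;
    my $done = 0;
    for my $argv (@cmds) {
        # Documented convention is 1/0 plus $!; the eval is a defensive
        # assumption in case a parse error inside do_command dies instead.
        my $ok = eval { $table->iptables_do_command($argv) };
        if (!$ok) {
            my $why = $@ ne '' ? $@ : "$!";
            warn sprintf("aborting batch at command %d (%s): %s\n",
                         $done + 1, join(' ', @$argv), $why);
            return 0;
        }
        $done++;
    }
    # One commit for all $done changes: they become visible together.
    if (!$table->commit()) {
        warn "commit: $!\n";
        return 0;
    }
    return $done;
}

my $table = IPTables::libiptc::init('filter')
    or die "cannot open filter table: $!";

# Chain creation is a libiptc operation, so use the module's own method.
if (!$table->is_chain($CHAIN)) {
    $table->create_chain($CHAIN) or die "create_chain($CHAIN): $!";
}

my $n = apply_atomically($table, @batch);
print "$n rule change(s) committed to the filter table\n" if $n;
exit($n ? 0 : 1);
```

    Returning before commit() is the whole point of the helper: a typo in
    the third command must not leave the first two in the kernel.
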
  Chain Operations
    get_policy
        my ($policy) = $table->get_policy('chainname');
        my ($policy, $pkt_cnt, $byte_cnt) = $table->get_policy('chainname');

        Returns an array containing the default policy, and the number of
        packets and bytes which have reached the default policy, in the
        chain "chainname". If "chainname" does not exist, or if it is not
        a built-in chain, an empty array is returned and $! is set to a
        string containing the reason.

    set_policy
        $success = $table->set_policy('chainname', 'target');
        $success = $table->set_policy('chainname', 'target', 'pkt_cnt', 'byte_cnt');
        ($success, $old_policy, $old_pkt_cnt, $old_byte_cnt) = $table->set_policy('chainname', 'target');

        Sets the default policy of a built-in chain. "set_policy" can be
        called in several ways. On successful setting of the policy, the
        old policy and counters are returned in list context. The counter
        values are optional.

    create_chain
        $success = $table->create_chain('chainname');

        Creates a new user-defined chain.

    is_chain
        $success = $table->is_chain('chainname');

        Checks whether the chain exists.

    builtin
        $success = $table->builtin('chainname');

        Tests whether "chainname" is a built-in chain.

    delete_chain
        $success = $table->delete_chain('chainname');

        Tries to delete the chain; returns false if it could not (for
        example because the chain still contains rules or is still
        referenced by a jump).

    get_references
        $refs = $table->get_references('chainname');

        Returns a count of how many rules reference (jump to) this chain.

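    The chain operations above, as an added example that is not from the
    module's documentation or code: it creates a user chain only if it is
    missing, reads back the previous FORWARD policy when tightening it
    (the list-context form of set_policy), and refuses to delete a chain
    that is still jumped to. The chain name guard is constructed for this
    example; flushing through iptables_do_command before delete_chain is
    this example's choice, since a chain that still holds rules cannot be
    deleted.

```perl
#!/usr/bin/perl
# Added example: chain management with the libiptc chain methods.
# Not part of the IPTables::libiptc distribution. Must run as root.
use strict;
use warnings;
use IPTables::libiptc;

# Create the chain unless it already exists. Returns 1 once the chain is
# present; dies on a real failure, with $! carrying the reason.
sub ensure_chain {
    my ($table, $chain) = @_;
    return 1 if $table->is_chain($chain);
    $table->create_chain($chain) or die "create_chain($chain): $!";
    return 1;
}

# Set the policy of a built-in chain and return the policy it replaced,
# using the list-context form of set_policy. Refuses user chains, which
# have no policy (get_policy/set_policy fail on them).
sub set_policy_keep_old {
    my ($table, $chain, $target) = @_;
    die "$chain is not a built-in chain, it has no policy\n"
        unless $table->builtin($chain);
    my ($ok, $old_policy, $old_pkts, $old_bytes) =
        $table->set_policy($chain, $target);
    die "set_policy($chain, $target): $!" unless $ok;
    return $old_policy;
}

# Delete a user chain only when nothing jumps to it any more. A chain that
# still holds rules cannot be deleted, so flush it first (rule removal
# goes through iptables_do_command, not a libiptc method).
sub delete_chain_if_unreferenced {
    my ($table, $chain) = @_;
    return 0 unless $table->is_chain($chain);
    die "refusing to delete built-in chain $chain\n" if $table->builtin($chain);
    my $refs = $table->get_references($chain);
    if ($refs) {
        warn "$chain is still referenced by $refs rule(s); leaving it\n";
        return 0;
    }
    $table->iptables_do_command(['-F', $chain]) or die "flush $chain: $!";
    $table->delete_chain($chain) or die "delete_chain($chain): $!";
    return 1;
}

my $chain = 'guard';    # constructed name for this example

my $table = IPTables::libiptc::init('filter') or die "init filter: $!";

ensure_chain($table, $chain);

# Tighten FORWARD and record what it was, so the change can be reverted.
# (Doing the same to INPUT on a remote host without an ACCEPT rule for
# your own session would lock you out once committed.)
my $previous = set_policy_keep_old($table, 'FORWARD', 'DROP');
print "FORWARD policy was $previous, now DROP\n";

# With no rule jumping to it, the chain can go away again.
my $deleted = delete_chain_if_unreferenced($table, $chain);
print "chain $chain ", ($deleted ? 'deleted' : 'kept'), "\n";

# Everything above lives in the userspace copy until this call.
$table->commit() or die "commit: $!";
```
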
  Listing Operations
    list_chains
        @array = $table->list_chains();
        $number_of_chains = $table->list_chains();

        Lists all chains. Returns the number of chains in scalar context.

    list_rules_IPs
        @array = $table->list_rules_IPs('type', 'chainname');
        $number_of_rules = $table->list_rules_IPs('type', 'chainname');

        Lists the source or destination IPs of the rules in a given
        chain. The "type" is either "src" or "dst" for source and
        destination IPs. The netmask is listed together with each IP,
        separated by a "/" character. If "chainname" does not exist,
        "undef" is returned.

  Rules Operations
    No rule manipulation functions are mapped/exported from libiptc;
    instead the iptables "do_command" function is exported for this
    purpose.

  Iptables commands (from iptables.h)
    iptables_do_command
        $table->iptables_do_command(\@array_ref)

        The array holds the iptables command line arguments (without the
        program name itself), one argument per element. Example of an
        array which contains a command:

        my @array = ("-I", "test", "-s", "4.3.2.1", "-j", "ACCEPT");
        $table->iptables_do_command(\@array);

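    Using list_rules_IPs and iptables_do_command together, as an added
    example that is not part of the module: it reconciles a chain of
    "-s <net> -j DROP" rules with a wanted set, issuing only the -A and -D
    commands that differ and committing once. The chain name blocklist
    and the wanted set are constructed; the normaliser accepts both a
    dotted-quad and a prefix-length mask after the "/" because the page
    does not say which form list_rules_IPs prints, and the exact-match -D
    only works if the chain holds nothing but source-match DROP rules (an
    assumption of this example).

```perl
#!/usr/bin/perl
# Added example: reconcile a DROP chain with a wanted set of sources,
# issuing only the commands that differ, then commit once.
# Not part of the IPTables::libiptc distribution. Must run as root.
use strict;
use warnings;
use IPTables::libiptc;

my $CHAIN = 'blocklist';    # constructed name for this example

# Constructed input: the sources that should be dropped right now.
my @wanted = ('198.51.100.7', '203.0.113.0/24', '192.0.2.42/32');

# Normalise "addr", "addr/prefix" or "addr/dotted-mask" to "network/prefix",
# so that 203.0.113.5/24 and 203.0.113.0/255.255.255.0 compare equal.
# list_rules_IPs prints "ip/netmask"; which mask form is not documented,
# so both are accepted here (an assumption of this example).
sub to_cidr {
    my ($spec) = @_;
    my ($ip, $mask) = split m{/}, $spec, 2;
    $mask = 32 unless defined $mask;
    if ($mask =~ /\./) {
        my $bits = unpack 'B32', pack 'C4', split /\./, $mask;
        $mask = ($bits =~ tr/1//);   # number of one bits = prefix length
    }
    my $addr    = unpack 'N', pack 'C4', split /\./, $ip;
    my $netmask = $mask == 0 ? 0 : (0xFFFFFFFF << (32 - $mask)) & 0xFFFFFFFF;
    my $net     = $addr & $netmask;
    return join('.', unpack 'C4', pack 'N', $net) . "/$mask";
}

# Returns (added, removed) counts; dies if a command fails, leaving the
# kernel ruleset untouched because commit() is never reached.
sub sync_blocklist {
    my ($table, $chain, @wanted) = @_;
    die "chain $chain does not exist\n" unless $table->is_chain($chain);

    my %want = map { (to_cidr($_) => 1) } @wanted;
    # list_rules_IPs returns undef for a missing chain; is_chain was
    # checked above, so anything undefined here is skipped defensively.
    my %have = map { (to_cidr($_) => 1) }
               grep { defined } $table->list_rules_IPs('src', $chain);

    my @add = grep { !$have{$_} } sort keys %want;
    my @del = grep { !$want{$_} } sort keys %have;

    # Exact-match delete: assumes every rule in $chain is "-s X -j DROP".
    for my $net (@del) {
        $table->iptables_do_command(['-D', $chain, '-s', $net, '-j', 'DROP'])
            or die "delete $net: $!";
    }
    for my $net (@add) {
        $table->iptables_do_command(['-A', $chain, '-s', $net, '-j', 'DROP'])
            or die "append $net: $!";
    }
    return (scalar @add, scalar @del);
}

my $table = IPTables::libiptc::init('filter') or die "init filter: $!";
if (!$table->is_chain($CHAIN)) {
    $table->create_chain($CHAIN) or die "create_chain($CHAIN): $!";
}

my ($added, $removed) = sync_blocklist($table, $CHAIN, @wanted);

# All deletes and appends reach the kernel in this single replace.
$table->commit() or die "commit: $!";
print "blocklist: $added added, $removed removed\n";
```

    Running the script twice in a row reports 0 added and 0 removed the
    second time, which is the cheap way to check that the normaliser and
    the mask format printed by list_rules_IPs agree on your system.
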
EXPORT
    None by default.

  Exportable constants
    IPT_MIN_ALIGN

SEE ALSO
    Module source is also available here:
    https://github.com/netoptimizer/CPAN-IPTables-libiptc/

    The Netfilter/iptables homepage: http://www.netfilter.org

    iptables(8)

AUTHOR
    Jesper Dangaard Brouer, <hawk@diku.dk> or <hawk@people.netfilter.org>.

COPYRIGHT AND LICENSE
    Copyright (C) 2006-2011 by Jesper Dangaard Brouer

    This program is free software; you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by the
    Free Software Foundation; either version 2 of the License, or (at your
    option) any later version.

perl v5.28.1                      2011-11-30                 IPTables::libiptc(3)