1IPTables::libiptc(3)  User Contributed Perl Documentation IPTables::libiptc(3)
2
3
4

NAME

6       IPTables::libiptc - Perl extension for iptables libiptc
7

SYNOPSIS

9         use IPTables::libiptc;
10
11         $table = IPTables::libiptc::init('filter');
12
13         $table->create_chain("mychain");
14
15         # Its important to commit/push-back the changes to the kernel
16         $table->commit();
17

DESCRIPTION

19       This package provides a perl interface to the netfilter/iptables C-code
20       and library "libiptc".
21
22       Advantages of this module: Many rule changes can be done very fast.
23       Several rule changes is committed atomically.
24
25       This module is heavily inspired by the CPAN module IPTables-IPv4.  The
26       CPAN module IPTables-IPv4 could not be used because it has not been
27       kept up-to-date, with the newest iptables extensions.  This is a result
28       of the module design, as it contains every extension and thus needs to
29       port them individually.
30
31       This package has another approach, it links with the systems libiptc.a
32       library and depend on dynamic loading of iptables extensions available
33       on the system.
34
35       The module only exports the libiptc chain manipulation functions.  All
36       rule manipulations are done through the iptables.c "do_command"
37       function.  As iptables.c is not made as a library, the package
38       unfortunately needs to maintain/contain this C file.
39
40   Iptables kernel to userspace design
41           The reasoning behind making this module comes from how
42           iptables/libiptc communicate with the kernel.  Iptables/libiptc
43           transfers the entire ruleset from kernel to userspace, and back
44           again after making some changes to the ruleset.
45
46           This is a fairly large operation if only changing a single rule.
47           That is actually the behavior of the iptables command.
48
49           Thus, with this knowledge it make sense to make several changes
50           before commit'ing the changes (entire ruleset) back to the kernel.
51           This is the behavior/purpose of this perl module.
52
53           This is also what makes it so very fast to many rule changes. And
54           gives the property of several rule changes being committed
55           atomically.
56

METHODS

58       Most methods will return 1 for success, or 0 for failure (and on
59       failure, set $! to a string describing the reason for the failure).
60       Unless otherwise noted, you can assume that all methods will use this
61       convention.
62
63   Chain Operations
64       get_policy
65               my ($policy)                      = $table->get_policy('chainname');
66               my ($policy, $pkt_cnt, $byte_cnt) = $table->get_policy('chainname');
67
68           This returns an array containing the default policy, and the number
69           of packets and bytes which have reached the default policy, in the
70           chain "chainname".  If "chainname" does not exist, or if it is not
71           a built-in chain, an empty array will be returned, and $! will be
72           set to a string containing the reason.
73
74       set_policy
75               $success = $table->set_policy('chainname', 'target');
76               $success = $table->set_policy('chainname', 'target', 'pkt_cnt', 'byte_cnt');
77               ($success, $old_policy, $old_pkt_cnt, $old_pkt_cnt) = $table->set_policy('chainname', 'target');
78
79           Sets the default policy.  "set_policy" can be called several ways.
80           Upon success full setting of the policy the old policy and counters
81           are returned.  The counter setting values are optional.
82
83       create_chain
84               $success = $table->create_chain('chainname');
85
86       is_chain
87               $success = $table->is_chain('chainname');
88
89           Checks if the chain exist.
90
91       buildin
92               $success = $table->builtin('chainname');
93
94           Tests if the chainname is a buildin chain.
95
96       delete_chain
97            $success = $table->delete_chain('chainname');
98
99           Tries to delete the chain, returns false if it could not.
100
101       get_references
102            $refs = $table->get_references('chainname');
103
104           Get a count of how many rules reference/jump to this chain.
105
106   Listing Operations
107       list_chains
108               @array            = $table->list_chains();
109               $number_of_chains = $table->list_chains();
110
111           Lists all chains.  Returns the number of chains in SCALAR context.
112
113       list_rules_IPs
114               @array           = $table->list_rules_IPs('type', 'chainname');
115               $number_of_rules = $table->list_rules_IPs('type', 'chainname');
116
117           This function lists the (rules) source or destination IPs from a
118           given chain.  The "type" is either "src" or "dst" for source and
119           destination IPs.  The netmask is also listed together with the IPs,
120           but separated by a "/" character.  If chainname does not exist
121           "undef" is returned.
122
123   Rules Operations
124       No rules manipulation functions is mapped/export from libiptc, instead
125       the iptables "do_command" function is exported to this purpose.
126
127   Iptables commands (from iptables.h)
128       iptables_do_command
129               $table->iptables_do_command(\@array_ref)
130
131           Example of an array which contains a command:
132
133               my @array = ("-I", "test", "-s", "4.3.2.1", "-j", "ACCEPT");
134               $table->iptables_do_command(\@array);
135

EXPORT

137       None by default.
138
139   Exportable constants
140         IPT_MIN_ALIGN
141

SEE ALSO

143       Module source also available here:
144        https://github.com/netoptimizer/CPAN-IPTables-libiptc/
145
146       The Netfilter/iptables homepage: http://www.netfilter.org
147
148       iptables(8)
149

AUTHOR

151       Jesper Dangaard Brouer, <hawk@diku.dk> or <hawk@people.netfilter.org>.
152
153   Authors SVN version information
154        $LastChangedDate$
155        $Revision$
156        $LastChangedBy$
157
159       Copyright (C) 2006-2011 by Jesper Dangaard Brouer
160
161       This program is free software; you can redistribute it and/or modify it
162       under the terms of the GNU General Public License as published by the
163       Free Software Foundation; either version 2 of the License, or (at your
164       option) any later version.
165

POD ERRORS

167       Hey! The above document had some coding errors, which are explained
168       below:
169
170       Around line 141:
171           You forgot a '=back' before '=head1'
172
173       Around line 206:
174           You forgot a '=back' before '=head2'
175
176       Around line 208:
177           '=item' outside of any '=over'
178
179       Around line 227:
180           You forgot a '=back' before '=head2'
181
182       Around line 235:
183           '=item' outside of any '=over'
184
185       Around line 245:
186           You forgot a '=back' before '=head1'
187
188
189
190perl v5.28.1                      2011-11-30              IPTables::libiptc(3)
Impressum