Example #1
    def _check_compute_node_nat_table(self, ns_q, ns_fip):
        """
        Check the snat rules in the 'nat' iptables table of the given ns.

        The checks run in a fixed order and the method stops at the first
        failure: required chains exist, selected chains hold the expected
        number of rules, the built-in chains jump to the neutron chains,
        each 'rfp-' interface has its ACCEPT rule, and finally the
        per-interface rules are checked by _check_compute_node_nat_rules.

        :param ns_q: namespace handed to IPtables and NameSpace; the nat
            table and the 'rfp-'/'qr-' interfaces are read from it
            (presumably the router namespace -- confirm against callers)
        :param ns_fip: passed through unchanged to
            _check_compute_node_nat_rules (presumably the floating-IP
            namespace -- confirm against callers)
        :return: True when every check passes, False otherwise
        """
        nat = IPtables(ns_q).get_table(table='nat')

        def jump_rule(target):
            # A match-everything rule whose only distinguishing field is
            # the jump target; built fresh for every check.
            return {
                'in': '*',
                'source': '*',
                'out': '*',
                'destination': '*',
                'target': target,
                'prot': '*'
            }

        # Every one of these chains must be present in the nat table.
        required_chains = (
            'neutron-postrouting-bottom',
            'neutron-l3-agent-OUTPUT',
            'POSTROUTING',
            'neutron-l3-agent-PREROUTING',
            'PREROUTING',
            'neutron-l3-agent-float-snat',
            'OUTPUT',
            'INPUT',
            'neutron-l3-agent-POSTROUTING',
            'neutron-l3-agent-snat',
        )
        for chain_name in required_chains:
            chain = nat.get_chain(chain_name)
            if not chain:
                warn(r("Not found chain %s\n" % chain_name))
                return False
            # NOTE(review): a non-ACCEPT policy is only reported here; it
            # does not fail the check. Confirm that is the intended
            # severity for a policy drift on these chains.
            if chain.get_policy() != 'ACCEPT':
                warn(r("Chain %s's policy is not ACCEPT\n" % chain.name))

        # Rule-count check (expected number: 1) on the chains below; the
        # exact comparison is defined by _check_chain_rule_num.
        single_rule_chains = (
            'neutron-postrouting-bottom',
            'OUTPUT',
            'neutron-l3-agent-snat',
        )
        for chain_name in single_rule_chains:
            if not self._check_chain_rule_num(nat, chain_name, 1):
                return False

        # (chain, jump target) pairs, verified in this exact order.
        expected_jumps = (
            ('neutron-postrouting-bottom', 'neutron-l3-agent-snat'),
            ('PREROUTING', 'neutron-l3-agent-PREROUTING'),
            ('OUTPUT', 'neutron-l3-agent-OUTPUT'),
            ('POSTROUTING', 'neutron-l3-agent-POSTROUTING'),
            ('POSTROUTING', 'neutron-postrouting-bottom'),
        )
        for chain_name, target in expected_jumps:
            if not self._check_chain_has_rule(nat, chain_name,
                                              jump_rule(target)):
                return False

        # Each 'rfp-' interface needs an ACCEPT rule for traffic that
        # neither enters nor leaves through it and is not DNAT-ed.
        rfp_intfs = NameSpace(ns_q).find_intfs('rfp-')
        for intf in rfp_intfs:
            not_this_intf = '!' + intf['intf']
            accept_rule = {
                'in': not_this_intf,
                'source': '*',
                'out': not_this_intf,
                'destination': '*',
                'target': 'ACCEPT',
                'prot': '*',
                'flags': '! ctstate DNAT'
            }
            if not self._check_chain_has_rule(
                    nat, 'neutron-l3-agent-POSTROUTING', accept_rule):
                return False

        qr_intfs = NameSpace(ns_q).find_intfs('qr-')
        if self._check_compute_node_nat_rules(qr_intfs, rfp_intfs, nat,
                                              ns_fip):
            return True
        return False