From 12890b14b2482c85d425298ccfc71b893d44a041 Mon Sep 17 00:00:00 2001
From: Pavel Sychev
Date: Tue, 26 Jan 2016 16:10:52 +0300
Subject: [PATCH 1/3] Added reject_with and uid_owner support.
---
 system/iptables.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/system/iptables.py b/system/iptables.py
index 6d2214a3105..ebf399101a1 100644
--- a/system/iptables.py
+++ b/system/iptables.py
@@ -291,6 +291,11 @@ def append_match(rule, param, match):
 rule.extend(['-m', match])
+def append_jump(rule, param, jump):
+ if param:
+ rule.extend(['-j', jump])
+
+
 def construct_rule(params):
 rule = []
 append_param(rule, params['protocol'], '-p', False)
@@ -315,6 +320,10 @@ def construct_rule(params):
 append_match(rule, params['limit'] or params['limit_burst'], 'limit')
 append_param(rule, params['limit'], '--limit', False)
 append_param(rule, params['limit_burst'], '--limit-burst', False)
+ append_match(rule, params['uid_owner'], 'owner')
+ append_param(rule, params['uid_owner'], '--uid-owner', False)
+ append_jump(rule, params['reject_with'], 'REJECT')
+ append_param(rule, params['reject_with'], '--reject-with', False)
 return rule
@@ -369,6 +378,8 @@ def main():
 ctstate=dict(required=False, default=[], type='list'),
 limit=dict(required=False, default=None, type='str'),
 limit_burst=dict(required=False, default=None, type='str'),
+ uid_owner=dict(required=False, default=None, type='str'),
+ reject_with=dict(required=False, default=None, type='str'),
 ),
 mutually_exclusive=(
 ['set_dscp_mark', 'set_dscp_mark_class'],
From c15dcf888bee05109247218d90358dc608bbb98e Mon Sep 17 00:00:00 2001
From: Pavel Sychev
Date: Thu, 28 Jan 2016 11:27:31 +0300
Subject: [PATCH 2/3] Added docs for reject_with and uid_owner.
---
 system/iptables.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/system/iptables.py b/system/iptables.py
index ebf399101a1..4a85d7316ee 100644
--- a/system/iptables.py
+++ b/system/iptables.py
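Review bot: In the construct_rule hunk of patch 1/3, `append_jump(rule, params['reject_with'], 'REJECT')` adds `-j REJECT` whenever reject_with is set, without checking whether a jump target is already in the rule. The earlier part of construct_rule is outside the hunk, so this is inferred: if the module's `jump` option is also set, the command would carry two `-j` targets, iptables would be expected to refuse it, and the intended rule would not be installed. Guard the call, for example `if not params['jump']: append_jump(rule, params['reject_with'], 'REJECT')`, and fail early with a clear message when `jump` is set to anything other than REJECT together with reject_with. The new `append_jump` helper in the first hunk would also benefit from a one-line docstring saying that `param` only gates the append and `jump` is the target name.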
@@ -249,6 +249,14 @@ options:
 - "Specifies the maximum burst before the above limit kicks in."
 required: false
 default: null
+ uid_owner:
+ description:
+ - "Specifies the UID or username to use in match by owner rule."
+ required: false
+ reject_with:
+ description:
+ - "Specifies the error packet type to return while rejecting."
+ required: false
 '''
 EXAMPLES = '''
From eda178a9884160a1a276ceaeea2e4c5e460a4085 Mon Sep 17 00:00:00 2001
From: Pavel Sychev
Date: Wed, 23 Mar 2016 13:46:50 +0300
Subject: [PATCH 3/3] Added version restriction for uid_owner and reject_with.
---
 system/iptables.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/system/iptables.py b/system/iptables.py
index 4a85d7316ee..10167f17655 100644
--- a/system/iptables.py
+++ b/system/iptables.py
@@ -250,10 +250,12 @@ options:
 required: false
 default: null
 uid_owner:
+ version_added: "2.1"
 description:
 - "Specifies the UID or username to use in match by owner rule."
 required: false
 reject_with:
+ version_added: "2.1"
 description:
 - "Specifies the error packet type to return while rejecting."
 required: false
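Review bot: The reject_with description added in patch 2/3 does not say that setting the option also appends `-j REJECT` to the rule, which is what construct_rule does in patch 1/3; someone who sets a different jump target gets no warning from the docs. Extend the entry to `- "Specifies the error packet type to return while rejecting. Setting this option also adds a jump to the REJECT target."`. The uid_owner entry could state that the owner match applies only to locally generated packets (iptables restricts it to the OUTPUT and POSTROUTING chains), so a rule in another chain will not be accepted. Both new entries also omit the `default: null` line that the preceding option carries.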