Rule multiple Dst Addresses
zkryakgul opened this issue · comments
I want to add multiple dst addresses to my rule like in iptables, for example:

```
iptables -A OUTPUT -o enp0s3 -p tcp --dst 1.1.1.1,2.2.2.2,185.195.230.7 -m multiport --dports 80,443 -m comment --comment Test -j DROP
```
I wrote a script that adds rules from a given JSON. And if I give the script a JSON like this and run it:

```python
data2 = {
    "action": "add_rule",
    "parameters": {
        "action": "DROP",
        "out_interface": "enp0s3",
        "protocol": "tcp",
        "source": "any",
        "source_port": "any",
        "destination": "1.1.1.1,2.2.2.2,185.195.230.7",
        "destination_port": "80,443",
        "log": "True",
        "description": "Test",
        "chain": "OUTPUT",
        "table": "FILTER"
    }
}
```
it says: `invalid address 1.1.1.1,2.2.2.2,185.195.230.7`
But when I run the iptables command in the CLI it works perfectly with no error.
I looked at your code a little bit and thought about adding some lines like this to the `set_dst` function in `ip4tc.py`, but it will probably cause some other errors.
```python
def set_dst(self, dst):
    # Negation applies to the destination, so the DSTIP flag is the right one here
    # (the original snippet had IPT_INV_SRCIP, which is the source-address flag).
    if dst[0] == "!":
        self.entry.ip.invflags |= ipt_ip.IPT_INV_DSTIP
        dst = dst[1:]
    else:
        self.entry.ip.invflags &= (~ipt_ip.IPT_INV_DSTIP &
                                   ipt_ip.IPT_INV_MASK)
    # Split for multiple dst address list
    dst_list = dst.split(",")
    for one_dst in dst_list:
        slash = one_dst.find("/")
        if slash == -1:
            addr = one_dst
            netm = "255.255.255.255"
        else:
            addr = one_dst[:slash]
            netm = one_dst[slash + 1:]
        ...
```
So, if it is possible, I don't want to add them as separate rules for each IP.
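For context, the iptables CLI does not keep a comma list inside one rule either: its man page notes that multiple addresses expand to multiple rules when adding with `-A`. An added example (not the reporter's script and not python-iptables code) that does the same expansion on the issue's JSON before any `iptc.Rule` is built, validating each address with `ipaddress` and rejecting a negated list, which iptables also refuses; `REQUEST`, `normalize_address` and `expand_destinations` are constructed names:

```python
import ipaddress
from typing import Dict, List

# Constructed request, mirroring the "parameters" object from the issue.
REQUEST = {
    "action": "DROP",
    "out_interface": "enp0s3",
    "protocol": "tcp",
    "source": "any",
    "destination": "1.1.1.1,2.2.2.2,185.195.230.7",
    "destination_port": "80,443",
    "description": "Test",
    "chain": "OUTPUT",
    "table": "FILTER",
}


def normalize_address(spec: str) -> str:
    """Validate one host or CIDR and return it as 'addr/netmask',
    the form python-iptables itself reports from Rule.dst."""
    if spec == "any":
        return "0.0.0.0/0.0.0.0"
    net = ipaddress.IPv4Network(spec, strict=False)  # raises ValueError on junk
    return f"{net.network_address}/{net.netmask}"


def expand_destinations(params: Dict[str, str]) -> List[Dict[str, str]]:
    """Turn a comma-separated 'destination' into one parameter set per address,
    the same expansion the iptables CLI performs for '--dst a,b,c'.
    Every other field is copied unchanged, so each result maps to one rule."""
    spec = params["destination"].strip()
    negate = spec.startswith("!")
    hosts = [h.strip() for h in spec.lstrip("!").split(",") if h.strip()]
    if not hosts:
        raise ValueError("empty destination list")
    # '! a,b' is ambiguous (not-a OR not-b matches everything); iptables rejects it.
    if negate and len(hosts) > 1:
        raise ValueError("'!' is not allowed with multiple destination addresses")
    expanded = []
    for host in hosts:
        per_rule = dict(params)
        per_rule["destination"] = ("!" if negate else "") + normalize_address(host)
        expanded.append(per_rule)
    return expanded
```

Each returned dict is then fed to the existing single-address path (one `iptc.Rule` with `rule.dst = item["destination"]`), which is what the CLI does behind the scenes anyway.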