dissect.target.plugins.os.unix.linux.iptables

Module Contents

Classes

IptablesSavePlugin

Parser for iptables-save, ip6tables-save and ufw rules.

Attributes

PATTERN_IPTABLES_SAVE_GENERATED
PATTERN_IPTABLES_SAVE_POLICY
PATTERN_IPTABLES_SAVE_RULE
IptablesSaveRecord

dissect.target.plugins.os.unix.linux.iptables.PATTERN_IPTABLES_SAVE_GENERATED

dissect.target.plugins.os.unix.linux.iptables.PATTERN_IPTABLES_SAVE_POLICY

dissect.target.plugins.os.unix.linux.iptables.PATTERN_IPTABLES_SAVE_RULE

dissect.target.plugins.os.unix.linux.iptables.IptablesSaveRecord

class dissect.target.plugins.os.unix.linux.iptables.IptablesSavePlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Parser for iptables-save, ip6tables-save and ufw rules.

As iptables rules are not stored on disk by default, users that want persistent rules need to store them somewhere and reload them on boot. iptables provides tools to save and reload rules (iptables-save and iptables-restore). These tools do not have a default path to look for rules, however there are multiple commonly used paths.

References

• https://git.netfilter.org/iptables/

• https://manpages.ubuntu.com/manpages/jammy/en/man8/ufw-framework.8.html

COMMON_SAVE_PATHS = ('/etc/iptables/rules.v4', '/etc/sysconfig/iptables', '/etc/iptables.rules',...

LOG_TIME_FORMAT = '%a %b  %d %H:%M:%S %Y'

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

iptables() → Iterator[IptablesSaveRecord]

Return iptables and ufw rules saved using iptables-save.