plrule

This module contains the implementation of the different rule types (FwRule, ShapingRule StatisticsRule).

There is no need to import this module directly. Use the methods of the Ruleset object to create and manipulate rules.

Functions defined here:

rulecondition_ensure_id -

Classes defined here:

FwRule -

MonitorIface - Object representing a monitor interfaces

PLRule -

ShapingRule -

ShapingRuleFlags - Used internaly to represent the flags on a ShapingRule

StatisticsRule -

StatisticsRuleFlags - Used internaly to represent the flags on a StatisticsRule

rulecondition_ensure_id(r)

Undocumented!

FwRule

Undocumented!

Inherits from: PLRule

Methods:
Ungrouped		cond_add(self, condition, operator, value) Adds a Condition to this rule
		disable(self) Disables this rule
		enable(self) Enables this rule
	`bool`	move_down(self) Move this rule down step up (to a higher position number) by swapping it
	`bool`	move_up(self) Move this rule one step up (to a lower position number) by swapping it with
		rename(self, newname) Rename the current rule
		update(self, **kwargs) Change properties of the firewall rule
Inherited from PLRule		cond_object_add(self, condition, objectid) Adds an object to a certain condition type
		cond_object_remove(self, condition, objectid) Removes an object from a certain condition type
		cond_remove(self, condition) Removes a Condition from this rule
		cond_set(self, condition, operator, objects) Updates a Condition in this rule

Class Variables:
__slots__

Properties:
action	Action when the rule matches
active	Is the rule active
attributes	Arbitrary key/value attributes stored for this rule
conditions	Dict with condition type as key, and corresponding Condition as value
creation_date	Date and time when this rule was created
creator	Username that created this rule
divert_iface	Interface to divert packets to when using FWRULE_ACTION_DIVERT
divert_label	Label to divert packets to when using FWRULE_ACTION_DIVERT
enrichobject	Zero or the id of a enrichobject.EnrichObject
id	id of rule
inject_data	The content that shall be injected for FWRULE_ACTION_INJECT rules
is_global	True if this rule is on a remote system
log	If True, hits to this rule is logged
log_level	0 = Off
machineid	Use of property 'machineid' is deprecated, use 'systemid' instead
modification_date	Date and time when this rule was last modified
modified_by	Username that last modified this rule
monitor_iface	If non zero, packets matching this rule will also be sent to the specified
monitor_label	Label to monitor packets to when monitor_iface is set to the index of the
name	Name of the rule
orderby
position
quick	State of quick property (True means that no more rules in the ruleset will
rewriteobject	Zero or the id of a rewriteobject.RewriteObject
rulecondition	rulecondition
systemid	System ID of the PacketLogic this rule belongs to
trigger	Empty string or name of a trigger

cond_add(self, condition, operator, value)

Adds a Condition to this rule

Parameters:

condition (int) - One of the following condition types
CONDITION_NETOBJECT_CLIENT CONDITION_NETOBJECT_SERVER CONDITION_NETOBJECT_HOST CONDITION_NETOBJECT_LOCAL CONDITION_PORTOBJECT_CLIENT CONDITION_PORTOBJECT_SERVER CONDITION_SERVICEOBJECT CONDITION_SERVICEOBJECT_BASE CONDITION_SYSTEMOBJECT CONDITION_TIMEOBJECT CONDITION_HOPLIMITOBJECT_OUT CONDITION_VLANIDOBJECT_LVL0 CONDITION_VLANIDOBJECT_LVL0_IN CONDITION_VLANIDOBJECT_LVL0_OUT CONDITION_VLANIDOBJECT_LVL1 CONDITION_VLANIDOBJECT_LVL1_IN CONDITION_VLANIDOBJECT_LVL1_OUT CONDITION_VLANIDOBJECT_LVL2 CONDITION_VLANIDOBJECT_LVL2_IN CONDITION_VLANIDOBJECT_LVL2_OUT CONDITION_VLANIDOBJECT_LVL3 CONDITION_VLANIDOBJECT_LVL3_IN CONDITION_VLANIDOBJECT_LVL3_OUT CONDITION_VLANPRIOOBJECT_LVL0 CONDITION_VLANPRIOOBJECT_LVL0_IN CONDITION_VLANPRIOOBJECT_LVL0_OUT CONDITION_VLANPRIOOBJECT_LVL1 CONDITION_VLANPRIOOBJECT_LVL1_IN CONDITION_VLANPRIOOBJECT_LVL1_OUT CONDITION_VLANPRIOOBJECT_LVL2 CONDITION_VLANPRIOOBJECT_LVL2_IN CONDITION_VLANPRIOOBJECT_LVL2_OUT CONDITION_VLANPRIOOBJECT_LVL3 CONDITION_VLANPRIOOBJECT_LVL3_IN CONDITION_VLANPRIOOBJECT_LVL3_OUT CONDITION_PROTOCOLOBJECT CONDITION_TIMEOBJECT CONDITION_BGPOBJECT CONDITION_PROPERTYOBJECT CONDITION_FLAGOBJECT CONDITION_MPLSOBJECT CONDITION_MPLSOBJECT_IN CONDITION_MPLSOBJECT_OUT CONDITION_DSCPOBJECT_IN CONDITION_DSCPOBJECT_OUT

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

value (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_add(self, condition, objectid)

Adds an object to a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_remove(self, condition, objectid)

Removes an object from a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_remove(self, condition)

Removes a Condition from this rule

Parameters:

condition (int) - Remove the condition type. (CONDITION_*)

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_set(self, condition, operator, objects)

Updates a Condition in this rule

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

objects (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

disable(self)

Disables this rule

enable(self)

Enables this rule

move_down(self)

Move this rule down step up (to a higher position number) by swapping it with the neighbouring rule. Returns False if at bottom allready, otherwise True.

Returns:

bool

Exceptions raised:

ValueError - If the rule is global.

ValueError - If the rule nolonger exists.

move_up(self)

Move this rule one step up (to a lower position number) by swapping it with the neighbouring rule. Returns False if at top allready, otherwise True.

Returns:

bool

Exceptions raised:

ValueError - If the rule is global.

rename(self, newname)

Rename the current rule.

destroys netobject cache

Parameters:

newname (str) - The name that the rule should have after rename process

update(self, **kwargs)

Change properties of the firewall rule. The following properties can be changed: action, quick, log_level, rewriteobject, enrichobject, monitor_iface, trigger

>>> rule.update(quick=True)
>>> rule.quick
True

>>> rule.update(action=r.FWRULE_ACTION_ACCEPT, log_level=2)
>>> rule.log_level
2

action

Action when the rule matches. See fwrule_add

active

Is the rule active. Changed with enable() and disable()

attributes

Arbitrary key/value attributes stored for this rule.

>>> r.attributes
{}
>>> r.attributes['test'] = "Arbitrary string value"
>>> r.attributes
{'test': "Arbitrary string value"}

conditions

Dict with condition type as key, and corresponding Condition as value. Changed with cond_add(), cond_set(), cond_remove(), cond_object_add() and cond_object_remove().

creation_date

Date and time when this rule was created

creator

Username that created this rule

divert_iface

Interface to divert packets to when using FWRULE_ACTION_DIVERT. See divert_iface_list.

divert_label

Label to divert packets to when using FWRULE_ACTION_DIVERT.

enrichobject

Zero or the id of a enrichobject.EnrichObject

id

id of rule

inject_data

The content that shall be injected for FWRULE_ACTION_INJECT rules. The content is usually a HTTP 307 redirect response.

is_global

True if this rule is on a remote system.

log

If True, hits to this rule is logged.

log_level

0 = Off. 1 = Brief. 2 = Verbose

machineid

Use of property 'machineid' is deprecated, use 'systemid' instead.

modification_date

Date and time when this rule was last modified

modified_by

Username that last modified this rule

monitor_iface

If non zero, packets matching this rule will also be sent to the specified monitor interface id.

monitor_label

Label to monitor packets to when monitor_iface is set to the index of the "Label" interface

name

Name of the rule. Changed with rename()

orderby

Undocumented!

position

Undocumented!

quick

State of quick property (True means that no more rules in the ruleset will be evaluated if this rule matches.)

rewriteobject

Zero or the id of a rewriteobject.RewriteObject

rulecondition

systemid

System ID of the PacketLogic this rule belongs to

trigger

Empty string or name of a trigger.

MonitorIface

Object representing a monitor interfaces.

Returned in a list by Ruleset.monitor_iface_list().

Properties:
description	Description of the monitor interface
id	Id number, used as argument to fwrule_add
iface	Name of the internal network interface
media	Network media type

description

Description of the monitor interface

id

Id number, used as argument to fwrule_add.

iface

Name of the internal network interface

media

Network media type

PLRule

Undocumented!

Methods:
Ungrouped		cond_add(self, condition, operator, value) Adds a Condition to this rule
		cond_object_add(self, condition, objectid) Adds an object to a certain condition type
		cond_object_remove(self, condition, objectid) Removes an object from a certain condition type
		cond_remove(self, condition) Removes a Condition from this rule
		cond_set(self, condition, operator, objects) Updates a Condition in this rule
		disable(self) Disables this rule
		enable(self) Enables this rule
		rename(self, newname) Rename the current rule

Class Variables:
Condition	Condition implementation

Properties:
active	Is the rule active
attributes	Arbitrary key/value attributes stored for this rule
conditions	Dict with condition type as key, and corresponding Condition as value
creation_date	Date and time when this rule was created
creator	Username that created this rule
id	id of rule
is_global	True if this rule is on a remote system
machineid	Use of property 'machineid' is deprecated, use 'systemid' instead
modification_date	Date and time when this rule was last modified
modified_by	Username that last modified this rule
name	Name of the rule
rulecondition	rulecondition
systemid	System ID of the PacketLogic this rule belongs to

cond_add(self, condition, operator, value)

Adds a Condition to this rule

Parameters:

condition (int) - One of the following condition types
CONDITION_NETOBJECT_CLIENT CONDITION_NETOBJECT_SERVER CONDITION_NETOBJECT_HOST CONDITION_NETOBJECT_LOCAL CONDITION_PORTOBJECT_CLIENT CONDITION_PORTOBJECT_SERVER CONDITION_SERVICEOBJECT CONDITION_SERVICEOBJECT_BASE CONDITION_SYSTEMOBJECT CONDITION_TIMEOBJECT CONDITION_HOPLIMITOBJECT_OUT CONDITION_VLANIDOBJECT_LVL0 CONDITION_VLANIDOBJECT_LVL0_IN CONDITION_VLANIDOBJECT_LVL0_OUT CONDITION_VLANIDOBJECT_LVL1 CONDITION_VLANIDOBJECT_LVL1_IN CONDITION_VLANIDOBJECT_LVL1_OUT CONDITION_VLANIDOBJECT_LVL2 CONDITION_VLANIDOBJECT_LVL2_IN CONDITION_VLANIDOBJECT_LVL2_OUT CONDITION_VLANIDOBJECT_LVL3 CONDITION_VLANIDOBJECT_LVL3_IN CONDITION_VLANIDOBJECT_LVL3_OUT CONDITION_VLANPRIOOBJECT_LVL0 CONDITION_VLANPRIOOBJECT_LVL0_IN CONDITION_VLANPRIOOBJECT_LVL0_OUT CONDITION_VLANPRIOOBJECT_LVL1 CONDITION_VLANPRIOOBJECT_LVL1_IN CONDITION_VLANPRIOOBJECT_LVL1_OUT CONDITION_VLANPRIOOBJECT_LVL2 CONDITION_VLANPRIOOBJECT_LVL2_IN CONDITION_VLANPRIOOBJECT_LVL2_OUT CONDITION_VLANPRIOOBJECT_LVL3 CONDITION_VLANPRIOOBJECT_LVL3_IN CONDITION_VLANPRIOOBJECT_LVL3_OUT CONDITION_PROTOCOLOBJECT CONDITION_TIMEOBJECT CONDITION_BGPOBJECT CONDITION_PROPERTYOBJECT CONDITION_FLAGOBJECT CONDITION_MPLSOBJECT CONDITION_MPLSOBJECT_IN CONDITION_MPLSOBJECT_OUT CONDITION_DSCPOBJECT_IN CONDITION_DSCPOBJECT_OUT

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

value (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_add(self, condition, objectid)

Adds an object to a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_remove(self, condition, objectid)

Removes an object from a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_remove(self, condition)

Removes a Condition from this rule

Parameters:

condition (int) - Remove the condition type. (CONDITION_*)

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_set(self, condition, operator, objects)

Updates a Condition in this rule

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

objects (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

disable(self)

Disables this rule

enable(self)

Enables this rule

rename(self, newname)

Rename the current rule.

destroys netobject cache

Parameters:

newname (str) - The name that the rule should have after rename process

active

Is the rule active. Changed with enable() and disable()

attributes

Arbitrary key/value attributes stored for this rule.

>>> r.attributes
{}
>>> r.attributes['test'] = "Arbitrary string value"
>>> r.attributes
{'test': "Arbitrary string value"}

conditions

Dict with condition type as key, and corresponding Condition as value. Changed with cond_add(), cond_set(), cond_remove(), cond_object_add() and cond_object_remove().

creation_date

Date and time when this rule was created

creator

Username that created this rule

id

id of rule

is_global

True if this rule is on a remote system.

machineid

Use of property 'machineid' is deprecated, use 'systemid' instead.

modification_date

Date and time when this rule was last modified

modified_by

Username that last modified this rule

name

Name of the rule. Changed with rename()

rulecondition

systemid

System ID of the PacketLogic this rule belongs to

ShapingRule

Undocumented!

Inherits from: PLRule

Methods:
Ungrouped		cond_add(self, condition, operator, value) Adds a Condition to this rule
		disable(self) Disables this rule
		enable(self) Enables this rule
		rename(self, newname) Rename the current rule
		set_flags(self, reset, *flags) Set or reset one or more of the flags of the shaping rule
		set_objects(self, objects) Sets list of shapingobjects in this rule
		update(self, priority=<object object at 0x7f0790b6b270>, precedence=<object object at 0x7f0790b6b270>, fair_factor=<object object at 0x7f0790b6b270>, rulecondition=<object object at 0x7f0790b6b270>, sc_override_schema=<object object at 0x7f0790b6b270>, sc_override_column_split=<object object at 0x7f0790b6b270>, sc_override_column_speed_in=<object object at 0x7f0790b6b270>, sc_override_column_speed_out=<object object at 0x7f0790b6b270>) Change properties of the shaping rule
Inherited from PLRule		cond_object_add(self, condition, objectid) Adds an object to a certain condition type
		cond_object_remove(self, condition, objectid) Removes an object from a certain condition type
		cond_remove(self, condition) Removes a Condition from this rule
		cond_set(self, condition, operator, objects) Updates a Condition in this rule

Class Variables:
__slots__	For internal use only.

Properties:
active	Is the rule active
attributes	Arbitrary key/value attributes stored for this rule
conditions	Dict with condition type as key, and corresponding Condition as value
creation_date	Date and time when this rule was created
creator	Username that created this rule
exclusive	This is an exclusive rule
fair_factor	Fairness factor
flags	Collection of flags on this rule
id	id of rule
is_global	True if this rule is on a remote system
machineid	Use of property 'machineid' is deprecated, use 'systemid' instead
max_connections	Property 'max_connections' on shapingrules are deprecated
modification_date	Date and time when this rule was last modified
modified_by	Username that last modified this rule
name	Name of the rule
objects	List of shaping objects in this rule
precedence	The precedence of the rule
priority	The priority of packets matching this rule
rulecondition	rulecondition
sc_override_column_speed_in
sc_override_column_speed_out
sc_override_column_split
sc_override_schema
stats	Enable statistics for traffic matching the rule
stats_local_vhosts	Enable separation of statistics into local vhosts
stats_netobjects	Enable separation of statistics into netobjects
stats_remote_vhosts	Enable separation of statistics into remote vhosts
stats_services	Enable separation of statistics into services
systemid	System ID of the PacketLogic this rule belongs to

cond_add(self, condition, operator, value)

Adds a Condition to this rule

Parameters:

condition (int) - One of the following condition types
CONDITION_NETOBJECT_CLIENT CONDITION_NETOBJECT_SERVER CONDITION_NETOBJECT_HOST CONDITION_NETOBJECT_LOCAL CONDITION_PORTOBJECT_CLIENT CONDITION_PORTOBJECT_SERVER CONDITION_SERVICEOBJECT CONDITION_SERVICEOBJECT_BASE CONDITION_SYSTEMOBJECT CONDITION_TIMEOBJECT CONDITION_HOPLIMITOBJECT_OUT CONDITION_VLANIDOBJECT_LVL0 CONDITION_VLANIDOBJECT_LVL0_IN CONDITION_VLANIDOBJECT_LVL0_OUT CONDITION_VLANIDOBJECT_LVL1 CONDITION_VLANIDOBJECT_LVL1_IN CONDITION_VLANIDOBJECT_LVL1_OUT CONDITION_VLANIDOBJECT_LVL2 CONDITION_VLANIDOBJECT_LVL2_IN CONDITION_VLANIDOBJECT_LVL2_OUT CONDITION_VLANIDOBJECT_LVL3 CONDITION_VLANIDOBJECT_LVL3_IN CONDITION_VLANIDOBJECT_LVL3_OUT CONDITION_VLANPRIOOBJECT_LVL0 CONDITION_VLANPRIOOBJECT_LVL0_IN CONDITION_VLANPRIOOBJECT_LVL0_OUT CONDITION_VLANPRIOOBJECT_LVL1 CONDITION_VLANPRIOOBJECT_LVL1_IN CONDITION_VLANPRIOOBJECT_LVL1_OUT CONDITION_VLANPRIOOBJECT_LVL2 CONDITION_VLANPRIOOBJECT_LVL2_IN CONDITION_VLANPRIOOBJECT_LVL2_OUT CONDITION_VLANPRIOOBJECT_LVL3 CONDITION_VLANPRIOOBJECT_LVL3_IN CONDITION_VLANPRIOOBJECT_LVL3_OUT CONDITION_PROTOCOLOBJECT CONDITION_TIMEOBJECT CONDITION_BGPOBJECT CONDITION_PROPERTYOBJECT CONDITION_FLAGOBJECT CONDITION_MPLSOBJECT CONDITION_MPLSOBJECT_IN CONDITION_MPLSOBJECT_OUT CONDITION_DSCPOBJECT_IN CONDITION_DSCPOBJECT_OUT

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

value (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_add(self, condition, objectid)

Adds an object to a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_remove(self, condition, objectid)

Removes an object from a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_remove(self, condition)

Removes a Condition from this rule

Parameters:

condition (int) - Remove the condition type. (CONDITION_*)

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_set(self, condition, operator, objects)

Updates a Condition in this rule

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

objects (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

disable(self)

Disables this rule

enable(self)

Enables this rule

rename(self, newname)

Rename the current rule.

destroys netobject cache

Parameters:

newname (str) - The name that the rule should have after rename process

set_flags(self, *reset, **flags)

Set or reset one or more of the flags of the shaping rule. You may also reset all flags with the single argument None, or clone an existing flags object. You may combine them.

You read the flags with e.g 'excl = myRule.flags.exclusive', but in the current version you can still access them the old way directly with e.g 'excl = myRule.exclusive'.

If only keyword argument(s) are used, only the specified flags will be affected. Use a trueish value to set the flag, or falseish value to reset it.

>>> shrule.set_flags(exclusive=1, stats=False)
>>> shrule.flags
ShapingRuleFlags(exclusive=True)

>>> shrule.flags.exclusive
True

>>> shrule.set_flags(None)
>>> shrule.flags
ShapingRuleFlags(None)

>>> shrule.set_flags(another_shrule)
>>> shrule.flags
ShapingRuleFlags(stats=True)

>>> shrule.set_flags(None, exclusive=True)
>>> shrule.flags
ShapingRuleFlags(exclusive=True)

set_objects(self, objects)

Sets list of shapingobjects in this rule

Parameters:

objects (list of int) - A list of ShapingObject IDs

update(self, priority=<object object at 0x7f0790b6b270>, precedence=<object object at 0x7f0790b6b270>, fair_factor=<object object at 0x7f0790b6b270>, rulecondition=<object object at 0x7f0790b6b270>, sc_override_schema=<object object at 0x7f0790b6b270>, sc_override_column_split=<object object at 0x7f0790b6b270>, sc_override_column_speed_in=<object object at 0x7f0790b6b270>, sc_override_column_speed_out=<object object at 0x7f0790b6b270>)

Change properties of the shaping rule.

active

Is the rule active. Changed with enable() and disable()

attributes

Arbitrary key/value attributes stored for this rule.

>>> r.attributes
{}
>>> r.attributes['test'] = "Arbitrary string value"
>>> r.attributes
{'test': "Arbitrary string value"}

conditions

Dict with condition type as key, and corresponding Condition as value. Changed with cond_add(), cond_set(), cond_remove(), cond_object_add() and cond_object_remove().

creation_date

Date and time when this rule was created

creator

Username that created this rule

exclusive

This is an exclusive rule.

fair_factor

Fairness factor.

flags

Collection of flags on this rule. Also see set_flags().

id

id of rule

is_global

True if this rule is on a remote system.

machineid

Use of property 'machineid' is deprecated, use 'systemid' instead.

max_connections

Property 'max_connections' on shapingrules are deprecated. Used on shapingobjects instead.

modification_date

Date and time when this rule was last modified

modified_by

Username that last modified this rule

name

Name of the rule. Changed with rename()

objects

List of shaping objects in this rule. Changed with set_objects().

precedence

The precedence of the rule.

priority

The priority of packets matching this rule.

rulecondition

sc_override_column_speed_in

Undocumented!

sc_override_column_speed_out

Undocumented!

sc_override_column_split

Undocumented!

sc_override_schema

Undocumented!

stats

Enable statistics for traffic matching the rule. You should use flags.stats

stats_local_vhosts

Enable separation of statistics into local vhosts. You should use flags.stats_local_vhosts

stats_netobjects

Enable separation of statistics into netobjects. You should use flags.stats_netobjects

stats_remote_vhosts

Enable separation of statistics into remote vhosts. You should use flags.stats_remote_vhosts

stats_services

Enable separation of statistics into services. You should use flags.stats_services

systemid

System ID of the PacketLogic this rule belongs to

ShapingRuleFlags

Used internaly to represent the flags on a ShapingRule.

Inherits from: BaseFlags

Methods:
Inherited from BaseFlags		items(self) Return a list of (prop, value) tuples, similar to dict.items()

Properties:
exclusive	This is an exclusive rule
stats	Enable collection of statistic on this rule
stats_local_vhosts	Collect statistics on Local VHosts
stats_netobjects	Collect statistics on NetObjects
stats_remote_vhosts	Collect statistics on Remote VHosts
stats_services	Collect statistics on Services

items(self)

Return a list of (prop, value) tuples, similar to dict.items().

exclusive

This is an exclusive rule.

stats

Enable collection of statistic on this rule

stats_local_vhosts

Collect statistics on Local VHosts

stats_netobjects

Collect statistics on NetObjects

stats_remote_vhosts

Collect statistics on Remote VHosts

stats_services

Collect statistics on Services

StatisticsRule

Undocumented!

Inherits from: PLRule

Methods:
Ungrouped		cond_add(self, condition, operator, value) Adds a Condition to this rule
		disable(self) Disables this rule
		enable(self) Enables this rule
		rename(self, newname) Rename the current rule
		set_flags(self, reset, *flags) Set or reset one or more of the flags of the statistics rule
		set_object(self, objectid) Sets statisticsobject used by this rule
		set_objects(self, statisticsobjects, ipfixobjects=None, flowobjects=None) Sets list of objects in this rule
		set_trafficobjects(self, trafficobjects) Sets list of traffic objects in this rule
		update(self, rulecondition=<object object at 0x7f0790b6b270>) Change properties of the statistics rule
Inherited from PLRule		cond_object_add(self, condition, objectid) Adds an object to a certain condition type
		cond_object_remove(self, condition, objectid) Removes an object from a certain condition type
		cond_remove(self, condition) Removes a Condition from this rule
		cond_set(self, condition, operator, objects) Updates a Condition in this rule

Class Variables:
__slots__	For internal use only.

Properties:
active	Is the rule active
attributes	Arbitrary key/value attributes stored for this rule
conditions	Dict with condition type as key, and corresponding Condition as value
creation_date	Date and time when this rule was created
creator	Username that created this rule
flags	Collection of flags on this rule
flowobjects	List of flow objects in this rule
id	id of rule
ipfixobjects	List of ipfix objects in this rule
is_global	True if this rule is on a remote system
machineid	Use of property 'machineid' is deprecated, use 'systemid' instead
modification_date	Date and time when this rule was last modified
modified_by	Username that last modified this rule
name	Name of the rule
objectid	Id number of statistics object used in this rule
objects	List of statistics objects in this rule
rulecondition	rulecondition
statisticsobjects	List of statistics objects in this rule
systemid	System ID of the PacketLogic this rule belongs to
trafficobjects	List of traffic objects in this rule

cond_add(self, condition, operator, value)

Adds a Condition to this rule

Parameters:

condition (int) - One of the following condition types
CONDITION_NETOBJECT_CLIENT CONDITION_NETOBJECT_SERVER CONDITION_NETOBJECT_HOST CONDITION_NETOBJECT_LOCAL CONDITION_PORTOBJECT_CLIENT CONDITION_PORTOBJECT_SERVER CONDITION_SERVICEOBJECT CONDITION_SERVICEOBJECT_BASE CONDITION_SYSTEMOBJECT CONDITION_TIMEOBJECT CONDITION_HOPLIMITOBJECT_OUT CONDITION_VLANIDOBJECT_LVL0 CONDITION_VLANIDOBJECT_LVL0_IN CONDITION_VLANIDOBJECT_LVL0_OUT CONDITION_VLANIDOBJECT_LVL1 CONDITION_VLANIDOBJECT_LVL1_IN CONDITION_VLANIDOBJECT_LVL1_OUT CONDITION_VLANIDOBJECT_LVL2 CONDITION_VLANIDOBJECT_LVL2_IN CONDITION_VLANIDOBJECT_LVL2_OUT CONDITION_VLANIDOBJECT_LVL3 CONDITION_VLANIDOBJECT_LVL3_IN CONDITION_VLANIDOBJECT_LVL3_OUT CONDITION_VLANPRIOOBJECT_LVL0 CONDITION_VLANPRIOOBJECT_LVL0_IN CONDITION_VLANPRIOOBJECT_LVL0_OUT CONDITION_VLANPRIOOBJECT_LVL1 CONDITION_VLANPRIOOBJECT_LVL1_IN CONDITION_VLANPRIOOBJECT_LVL1_OUT CONDITION_VLANPRIOOBJECT_LVL2 CONDITION_VLANPRIOOBJECT_LVL2_IN CONDITION_VLANPRIOOBJECT_LVL2_OUT CONDITION_VLANPRIOOBJECT_LVL3 CONDITION_VLANPRIOOBJECT_LVL3_IN CONDITION_VLANPRIOOBJECT_LVL3_OUT CONDITION_PROTOCOLOBJECT CONDITION_TIMEOBJECT CONDITION_BGPOBJECT CONDITION_PROPERTYOBJECT CONDITION_FLAGOBJECT CONDITION_MPLSOBJECT CONDITION_MPLSOBJECT_IN CONDITION_MPLSOBJECT_OUT CONDITION_DSCPOBJECT_IN CONDITION_DSCPOBJECT_OUT

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

value (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_add(self, condition, objectid)

Adds an object to a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_object_remove(self, condition, objectid)

Removes an object from a certain condition type

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

objectid (int) - The id property of the suitable plobject.PLObject implementation.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_remove(self, condition)

Removes a Condition from this rule

Parameters:

condition (int) - Remove the condition type. (CONDITION_*)

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

cond_set(self, condition, operator, objects)

Updates a Condition in this rule

Parameters:

condition (int) - The condition type to modify. (CONDITION_*)

operator (int) - One of CONDITION_OP_EQ (equals) or CONDITION_OP_NE (not equals)

objects (list of int) - A list of id's from the type chosen in the condition argument.

This function is deprecated in v16.0+. Consider using appropriate function for Ruleconditions in Ruleset class instead.

disable(self)

Disables this rule

enable(self)

Enables this rule

rename(self, newname)

Rename the current rule.

destroys netobject cache

Parameters:

newname (str) - The name that the rule should have after rename process

set_flags(self, *reset, **flags)

Set or reset one or more of the flags of the statistics rule.

set_object(self, objectid)

Sets statisticsobject used by this rule

set_objects(self, statisticsobjects, ipfixobjects=None, flowobjects=None)

Sets list of objects in this rule

Parameters:

statisticsobjects (list of int) - A list of StatisticsObject IDs

ipfixobjects (list of int ) -

flowobjects (list of int) - A list of FlowObject IDs

ipfixobjects (deprecated) () - A list of IpfixObject IDs

Exceptions raised:

PLDBUnsupportedInFirmware - If this function is called without firmware support.

This function requires firmware v15.0 or newer

set_trafficobjects(self, trafficobjects)

Sets list of traffic objects in this rule

Parameters:

trafficobjects (list of int) - A list of TrafficObject IDs

Exceptions raised:

PLDBUnsupportedInFirmware - If this function is called without firmware support.

This function requires firmware v22.xx or newer

update(self, rulecondition=<object object at 0x7f0790b6b270>)

Change properties of the statistics rule.

active

Is the rule active. Changed with enable() and disable()

attributes

Arbitrary key/value attributes stored for this rule.

>>> r.attributes
{}
>>> r.attributes['test'] = "Arbitrary string value"
>>> r.attributes
{'test': "Arbitrary string value"}

conditions

Dict with condition type as key, and corresponding Condition as value. Changed with cond_add(), cond_set(), cond_remove(), cond_object_add() and cond_object_remove().

creation_date

Date and time when this rule was created

creator

Username that created this rule

flags

Collection of flags on this rule. Also see set_flags().

flowobjects

List of flow objects in this rule.

id

id of rule

ipfixobjects

List of ipfix objects in this rule.

is_global

True if this rule is on a remote system.

machineid

Use of property 'machineid' is deprecated, use 'systemid' instead.

modification_date

Date and time when this rule was last modified

modified_by

Username that last modified this rule

name

Name of the rule. Changed with rename()

objectid

Id number of statistics object used in this rule.

This property is deprecated, instead use the objects plrule.StatisticsRule.objects property.

objects

List of statistics objects in this rule. Changed with set_objects().

rulecondition

statisticsobjects

List of statistics objects in this rule. Changed with set_objects().

systemid

System ID of the PacketLogic this rule belongs to

trafficobjects

List of traffic objects in this rule.

StatisticsRuleFlags

Used internaly to represent the flags on a StatisticsRule.

Inherits from: BaseFlags

Methods:
Inherited from BaseFlags		items(self) Return a list of (prop, value) tuples, similar to dict.items()

Properties:
connlog	Connlog enabled on this rule
cyber_threat	Insights Cyber Threat Analysis enabled on this rule
insights_traffic	Insights traffic enabled on this rule

items(self)

Return a list of (prop, value) tuples, similar to dict.items().

connlog

Connlog enabled on this rule

cyber_threat

Insights Cyber Threat Analysis enabled on this rule

insights_traffic

Insights traffic enabled on this rule