- class activelogic.FilteringRuleAction
Defines a set of constants for actions the rule can apply.
ACCEPT – Pass the traffic.
REJECT – Send a reject response.
DROP – Silently drop the traffic.
REWRITE – Rewrite packets using the designated RewriteObject.
DIVERT – Divert the traffic.
INJECT – Inject content into the connection.
ENRICH – Enrich the packet header using the designated EnrichObject.
- class activelogic.FilteringRule
Object representing a filtering rule.
name (str) – Name of the rule.
id (int) – Id of the rule.
action (FilteringRuleAction) – What action the rule shall apply.
active (bool) – Determines if rule is active or not.
quick (bool) – If set to
True, rule evaluation will terminate when this rule matches.
rewriteobject (int) – Id of the RewriteObject that shall be applied to the traffic matching the rule.
enrichobject (int) – Id of the EnrichObject that shall be applied to the traffic matching the rule.
divert_label (str) – Divert label to use.
inject_data (str) – Content that is injected into connections matching the rule.
log (int) – Level of logging (0 = off, 1 = brief, 2 = verbose).
monitor_iface (int) – Monitor interface, packets matching this rule will be sent to.
monitor_label (str) – Monitor label.
trigger (str) – Filtering trigger script that shall be set off when the rule matches.
position (int) – The rule’s position in the ruleset.
condition (int) – Id of the
Conditionwith the objects that traffic must match to match the rule.
Filtering rules are used to filter packets and connections based on information extracted from the IP stack.
position determines the order in which the filtering rules are evaluated. New rules are always added to the end of this list. To swap the evaluation position of rules, use
If monitor_iface is non-zero, the packets matching the rule will be sent to the
MonitorInterfacethe specified id refers to. Use
Ruleset.list()to list available monitoring interfaces on the system. If monitoring interface is “label”, monitor_label also could be given.
Do not use a monitor interface when matching traffic can be expected to exceed 1Gbps.
Some parameters are applicable only for a specific action:
rewriteobject only if REWRITE.
enrichobject only if ENRICH.
divert_label only if DIVERT.
inject_data only if INJECT.
>>> iface = [i for i in rs.list(MonitorInterface) if i.description == 'PCAP Writer'] >>> no = rs.add(NetObject('mynw', items=['126.96.36.199/24'])) >>> cond = rs.add(Condition(items=[(ConditionType.NETOBJECT_LOCAL, no)])) >>> rule = rs.add(FilteringRule('to_pcap', ... FilteringRuleAction.ACCEPT, ... log=2, ... monitor_iface=iface, ... condition=cond))
- async Ruleset.filtering_position_swap(obj1, obj2)
Swap position of two Filtering Rules.