Filtering Rules

class activelogic.FilteringRuleAction

Defines a set of constants for actions the rule can apply.

  • ACCEPT – Pass the traffic.

  • REJECT – Send a reject response.

  • DROP – Silently drop the traffic.

  • REWRITE – Rewrite packets using the designated RewriteObject.

  • DIVERT – Divert the traffic.

  • INJECT – Inject content into the connection.

  • ENRICH – Enrich the packet header using the designated EnrichObject.

  • ACCEPT_STATEFUL – Treat connections like address/port-restricted connections.

  • ACCEPT_STATEFUL_EIF – Treat connections like full cone connections.

class activelogic.FilteringRule

Object representing a filtering rule.

  • name (str) – Name of the rule.

  • id (int) – Id of the rule.

  • action (FilteringRuleAction) – What action the rule shall apply.

  • active (bool) – Determines if rule is active or not.

  • quick (bool) – If set to True, rule evaluation will terminate when this rule matches.

  • rewriteobject (int) – Id of the RewriteObject that shall be applied to the traffic matching the rule.

  • enrichobject (int) – Id of the EnrichObject that shall be applied to the traffic matching the rule.

  • divert_label (str) – Divert label to use.

  • inject_data (str) – Content that is injected into connections matching the rule.

  • log (int) – Level of logging (0 = off, 1 = brief, 2 = verbose).

  • monitor_iface (int) – Monitor interface, packets matching this rule will be sent to.

  • monitor_label (str) – Monitor label.

  • trigger (str) – Filtering trigger script that shall be set off when the rule matches.

  • position (int) – The rule’s position in the ruleset.

  • condition (int) – Id of the Condition with the objects that traffic must match to match the rule.

Filtering rules are used to filter packets and connections based on information extracted from the IP stack.

position determines the order in which the filtering rules are evaluated. New rules are always added to the end of this list. To swap the evaluation position of rules, use Ruleset.filtering_position_swap().

If monitor_iface is non-zero, the packets matching the rule will be sent to the MonitorInterface the specified id refers to. Use Ruleset.list() to list available monitoring interfaces on the system. If monitoring interface is “label”, monitor_label also could be given.


Do not use a monitor interface when matching traffic can be expected to exceed 1Gbps.

Some parameters are applicable only for a specific action:

  • rewriteobject only if REWRITE.

  • enrichobject only if ENRICH.

  • divert_label only if DIVERT.

  • inject_data only if INJECT.

>>> iface = [i for i in rs.list(MonitorInterface) if i.description == 'PCAP Writer'][0]
>>> no = rs.add(NetObject('mynw', items=['']))
>>> cond = rs.add(Condition(items=[(ConditionType.NETOBJECT_LOCAL, no)]))
>>> rule = rs.add(FilteringRule('to_pcap',
...     FilteringRuleAction.ACCEPT,
...     log=2,
...     monitor_iface=iface,
...     condition=cond))
async Ruleset.filtering_position_swap(obj1, obj2)

Swap position of two Filtering Rules.

class activelogic.MonitorInterface

Object representing a monitor interface.

  • id (int) – Interface id.

  • name (str) – Interface name.

  • description (str) – Interface description.

  • media (ChannelMedia) – Interface channel media.