IPQ – userspace firewall

Netlink family for dealing with the QUEUE iptables target. All packets routed to the QUEUE target must be handled by a userspace program, which should respond with a verdict. For example, the verdict can be NF_DROP, in which case the packet is silently dropped, or NF_ACCEPT, in which case the packet passes the rule.

class pyroute2.netlink.ipq.IPQSocket(family=16, port=None, pid=None)

Low-level socket interface. Provides everything a usual socket does, can be used in poll/select, and doesn't create any implicit threads.

bind(mode=2)

Binds the socket and performs IPQ mode configuration. The only parameter is mode; the default value is IPQ_COPY_PACKET (copy all the packet data).

verdict(seq, v)

Issue a verdict v for a packet seq.
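
A fail-closed verdict handler built around verdict(seq, v), as an added example that is not pyroute2's own code. It assumes the caller already holds the sequence number and the raw IPv4 bytes of each queued packet (reading them from the socket is not covered on this page); decide, handle, sample_packet and the blocked-port policy are hypothetical names and constructed values.

```python
import struct

# Netfilter verdict codes (values from linux/netfilter.h)
NF_DROP, NF_ACCEPT = 0, 1
BLOCKED_TCP_PORTS = frozenset({23, 2323})  # constructed sample policy


def decide(payload):
    """Return a verdict for one raw IPv4 packet; malformed input is dropped."""
    if len(payload) < 20:
        return NF_DROP
    version, ihl = payload[0] >> 4, (payload[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(payload) < ihl:
        return NF_DROP
    # Total length at offset 2, flags/fragment offset at offset 6.
    total_len, frag = struct.unpack_from("!H2xH", payload, 2)
    if total_len < ihl or total_len > len(payload):
        return NF_DROP
    if payload[9] != 6:          # not TCP: outside this sample policy
        return NF_ACCEPT
    if frag & 0x1FFF:            # later fragment: no TCP header to inspect
        return NF_DROP
    if total_len < ihl + 4:      # TCP ports are truncated
        return NF_DROP
    (dport,) = struct.unpack_from("!H", payload, ihl + 2)
    return NF_DROP if dport in BLOCKED_TCP_PORTS else NF_ACCEPT


def handle(sock, seq, payload):
    """Issue exactly one verdict per packet, even if the policy code raises."""
    try:
        v = decide(payload)
    except Exception:
        v = NF_DROP              # fail closed on any parser error
    sock.verdict(seq, v)         # sock: a bound IPQSocket (or a test stub)
    return v


def sample_packet(dport, proto=6):
    """Constructed 40-byte packet: IPv4 header without options + 20 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + struct.pack("!HH", 40000, dport) + bytes(16)
```

Because the kernel waits on the verdict for every queued packet, the handler answers on every code path and treats anything it cannot parse as NF_DROP.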
