-
---[[
-IptParser.find( args )
-
-Find all firewall rules that match the given criteria. Expects a table with search criteria as only argument.
-If args is nil or an empty table then all rules will be returned.
-
-The following keys in the args table are recognized:
-
- - table Match rules that are located within the given table
- - chain Match rules that are located within the given chain
- - target Match rules with the given target
- - protocol Match rules that match the given protocol, rules with protocol "all" are always matched
- - source Match rules with the given source, rules with source "0.0.0.0/0" are always matched
- - destination Match rules with the given destination, rules with destination "0.0.0.0/0" are always matched
- - inputif Match rules with the given input interface, rules with input interface "*" (=all) are always matched
- - outputif Match rules with the given output interface, rules with output interface "*" (=all) are always matched
- - flags Match rules that match the given flags, current supported values are "-f" (--fragment) and "!f" (! --fragment)
- - options Match rules containing all given options
-
-The return value is a list of tables representing the matched rules.
-Each rule table contains the following fields:
-
- - index The index number of the rule
- - table The table where the rule is located, can be one of "filter", "nat" or "mangle"
- - chain The chain where the rule is located, e.g. "INPUT" or "postrouting_wan"
- - target The rule target, e.g. "REJECT" or "DROP"
- - protocol The matching protocols, e.g. "all" or "tcp"
- - flags Special rule options ("--", "-f" or "!f")
- - inputif Input interface of the rule, e.g. "eth0.0" or "*" for all interfaces
- - outputif Output interface of the rule, e.g. "eth0.0" or "*" for all interfaces
- - source The source ip range, e.g. "0.0.0.0/0"
- - destination The destination ip range, e.g. "0.0.0.0/0"
- - options A list of specific options of the rule, e.g. { "reject-with", "tcp-reset" }
- - packets The number of packets matched by the rule
- - bytes The number of total bytes matched by the rule
-
-Example:
-
-ip = luci.sys.iptparser.IptParser()
-result = ip.find( {
- target="REJECT",
- protocol="tcp",
- options={ "reject-with", "tcp-reset" }
-} )
-
-This will match all rules with target "-j REJECT", protocol "-p tcp" (or "-p all") and the option "--reject-with tcp-reset".
-
-]]--
-
+--- Find all firewall rules that match the given criteria. Expects a table with
+-- search criteria as only argument. If args is nil or an empty table then all
+-- rules will be returned.
+--
+-- The following keys in the args table are recognized:
+-- <ul>
+-- <li> table - Match rules that are located within the given table
+-- <li> chain - Match rules that are located within the given chain
+-- <li> target - Match rules with the given target
+-- <li> protocol - Match rules that match the given protocol, rules with
+-- protocol "all" are always matched
+-- <li> source - Match rules with the given source, rules with source
+-- "0.0.0.0/0" (::/0) are always matched
+-- <li> destination - Match rules with the given destination, rules with
+-- destination "0.0.0.0/0" (::/0) are always matched
+-- <li> inputif - Match rules with the given input interface, rules
+-- with input interface "*" (=all) are always matched
+-- <li> outputif - Match rules with the given output interface, rules
+-- with output interface "*" (=all) are always matched
+-- <li> flags - Match rules that match the given flags, current
+-- supported values are "-f" (--fragment)
+-- and "!f" (! --fragment)
+-- <li> options - Match rules containing all given options
+-- </ul>
+-- The return value is a list of tables representing the matched rules.
+-- Each rule table contains the following fields:
+-- <ul>
+-- <li> index - The index number of the rule
+-- <li> table - The table where the rule is located, can be one
+-- of "filter", "nat" or "mangle"
+-- <li> chain - The chain where the rule is located, e.g. "INPUT"
+-- or "postrouting_wan"
+-- <li> target - The rule target, e.g. "REJECT" or "DROP"
+-- <li> protocol The matching protocols, e.g. "all" or "tcp"
+-- <li> flags - Special rule options ("--", "-f" or "!f")
+-- <li> inputif - Input interface of the rule, e.g. "eth0.0"
+-- or "*" for all interfaces
+-- <li> outputif - Output interface of the rule,e.g. "eth0.0"
+-- or "*" for all interfaces
+-- <li> source - The source ip range, e.g. "0.0.0.0/0" (::/0)
+-- <li> destination - The destination ip range, e.g. "0.0.0.0/0" (::/0)
+-- <li> options - A list of specific options of the rule,
+-- e.g. { "reject-with", "tcp-reset" }
+-- <li> packets - The number of packets matched by the rule
+-- <li> bytes - The number of total bytes matched by the rule
+-- </ul>
+-- Example:
+-- <pre>
+-- ip = luci.sys.iptparser.IptParser()
+-- result = ip.find( {
+-- target="REJECT",
+-- protocol="tcp",
+-- options={ "reject-with", "tcp-reset" }
+-- } )
+-- </pre>
+-- This will match all rules with target "-j REJECT",
+-- protocol "-p tcp" (or "-p all")
+-- and the option "--reject-with tcp-reset".
+-- @params args Table containing the search arguments (optional)
+-- @return Table of matching rule tables
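Review bot: the tag on the added line `+-- @params args Table containing the search arguments (optional)` should be `@param`, the singular form LuaDoc defines for arguments, to match the `@return` on the next line; as written the `args` description may not be attached to the parameter in the generated docs. Two smaller consistency points in the returned-fields list: `<li> protocol The matching protocols, ...` is missing the ` - ` separator that every other item uses, and `Output interface of the rule,e.g. "eth0.0"` needs a space after the comma. The new text also adds "(::/0)" to the source and destination entries, but the `flags`, `table` and example sections are unchanged, so it would help to say in the description whether the same matching rules apply to IPv6 rules or only the wildcard address differs.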