iptables.py: completely replace ipt script.

Doing it in python instead of shell makes the code a bit less error prone. Plus we can parse the iptables output and avoid triggering iptables errors.
2025-08-09 23:57:36 +02:00 · 2010-05-01 21:30:59 -04:00
parent 8278dcfb5d
commit ad459e2918
4 changed files with 65 additions and 41 deletions
--- a/client.py
+++ b/client.py
@ -21,16 +21,7 @@ def iptables_setup(port, subnets):
        raise Exception('%r returned %d' % (argv, rv))


-def main(listenip, remotename, subnets):
-    log('Starting sshuttle proxy.\n')
-    listener = socket.socket()
-    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    listener.bind(listenip)
-    listener.listen(10)
-    log('Listening on %r.\n' % (listener.getsockname(),))
-
-    iptables_setup(listenip[1], subnets)
-
+def _main(listener, remotename, subnets):
    handlers = []
    def onaccept():
        sock,srcip = listener.accept()
@ -61,3 +52,19 @@ def main(listenip, remotename, subnets):
        for s in handlers:
            if s.socks & ready:
                s.callback()
+
+
+def main(listenip, remotename, subnets):
+    log('Starting sshuttle proxy.\n')
+    listener = socket.socket()
+    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    listener.bind(listenip)
+    listener.listen(10)
+    log('Listening on %r.\n' % (listener.getsockname(),))
+
+    iptables_setup(listenip[1], subnets)
+
+    try:
+        return _main(listener, remotename, subnets)
+    finally:
+        iptables_setup(listenip[1], [])