From: "Jonathan" <jonathan@jonathan.abda.net>
To: netfilter@lists.netfilter.org
Subject: Re: ways to lookup or query rules?
Date: Tue, 5 Oct 2004 22:27:58 -0600 [thread overview]
Message-ID: <001b01c4ab5c$df6c8ab0$2001a8c0@mantis> (raw)
In-Reply-To: 20041006033804.67518.qmail@web50903.mail.yahoo.com
Thanks for the tip Jinsuk. That will save me some time messing around with
things.
It'll be unfortunately crude (especially in a script that is to be run every
minute), but it'll have to do.
Maybe queries/lookups are something for the future development of iptables?
It may not seem like something useful right now, but I bet once people had
the option,
they'd wonder how they lived without it.
(or as an old friend said, "it's kind of like a labotomy: once you've had
one *you don't know how you
ever lived without it*")
Jonathan
----- Original Message -----
From: "J Kim" <jindor@yahoo.com>
To: "Jonathan" <jonathan@jonathan.abda.net>
Cc: <netfilter@lists.netfilter.org>
Sent: Tuesday, October 05, 2004 9:38 PM
Subject: Re: ways to lookup or query rules?
> Well, as far as I know there's no facility for lookup or query. I would
take
> the same approach as you do. One slight improvement is use iptables-save
> instead of -l option. The output of the former command looks better in
that its
> format is much closer to what you key in.
>
> Personally I put another layer between my code and iptables so that all
the
> iptables-related commands will go through it, letting it take care of the
> chores.
>
> Jinsuk Kim
>
> --- Jonathan <jonathan@jonathan.abda.net> wrote:
>
> > Hi, if this is a classic case of RTFM go ahead and shoot me.
> >
> > Is there an option or a command to look up rules in your iptables,
> > especially if there's the ability to search by rulenumber or some
> > kind of key?
> >
> > The only solution I've seen so far, is to use the -l option, capture the
> > output, and then process it, but that's a very dirty solution.
> > I'm writing a script that needs to update the iptables automatically,
and I
> > assume it needs to know whether ot use the add or update
> > option by verifying whether a rule exists, in order to decide whether to
> > update the rule, or add a new one.
> >
> > Jonathan
> >
> >
> >
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
next prev parent reply other threads:[~2004-10-06 4:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-06 3:24 ways to lookup or query rules? Jonathan
2004-10-06 3:38 ` J Kim
2004-10-06 4:27 ` Jonathan [this message]
2004-10-06 7:41 ` Craig Steadman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='001b01c4ab5c$df6c8ab0$2001a8c0@mantis' \
--to=jonathan@jonathan.abda.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.