RE: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx

All of lore.kernel.org
 help / color / mirror / Atom feed

* RE: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
@ 2002-07-01  6:20 George Vieira
  2002-07-01  6:29 ` Jack Bowling
  2002-07-01 14:42 ` Joe Patterson
  0 siblings, 2 replies; 6+ messages in thread
From: George Vieira @ 2002-07-01  6:20 UTC (permalink / raw)
  To: 'netfilter@lists.samba.org'

problem is that sometimes the rule list can be a very long table and I'm
using it in conjunction with MRTG to graph the byte values. So you can
imagine how slow MRTG completes and how much CPU is used by continuous
grepping can be..

At the moment I've written scripts in PHP to do what I need and works but
netfilter should be able to redo their source and imitate the "-D INPUT"
(example) routine to the "-L INPUT" command and instead of deleting the rule
it (-L)ists it... can't be that hard.. though I'm not a C coder..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

-----Original Message-----
From: Jack Bowling 

I would just try the tried and true grep:

iptables -L TABLE -n -v | grep "-d x.x.x.x --dport x -i ethx"

jb

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
  2002-07-01  6:20 iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx George Vieira
@ 2002-07-01  6:29 ` Jack Bowling
  2002-07-01 14:42 ` Joe Patterson
  1 sibling, 0 replies; 6+ messages in thread
From: Jack Bowling @ 2002-07-01  6:29 UTC (permalink / raw)
  To: netfilter

** Reply to message from George Vieira <GeorgeV@citadelcomputer.com.au> on Mon, 01 Jul 2002 16:20:14 +1000


> problem is that sometimes the rule list can be a very long table and I'm
> using it in conjunction with MRTG to graph the byte values. So you can
> imagine how slow MRTG completes and how much CPU is used by continuous
> grepping can be..
> 
> At the moment I've written scripts in PHP to do what I need and works but
> netfilter should be able to redo their source and imitate the "-D INPUT"
> (example) routine to the "-L INPUT" command and instead of deleting the rule
> it (-L)ists it... can't be that hard.. though I'm not a C coder..

I like that idea, George. But then IANAC (I am not a coder), too.

jb


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
  2002-07-01  6:20 iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx George Vieira
  2002-07-01  6:29 ` Jack Bowling
@ 2002-07-01 14:42 ` Joe Patterson
  1 sibling, 0 replies; 6+ messages in thread
From: Joe Patterson @ 2002-07-01 14:42 UTC (permalink / raw)
  To: George Vieira, netfilter

There are a few things that could help to make this faster for you.  One,
start with an iptables -vnL TABLE > temp.file, then grep the file.  Second,
which you may very well already be doing, make sure you're using grep -F, or
that you are escaping every special character.  Otherwise, all the '.'s that
make up ip addresses create a much more complex regex than you probably
want.  alternatively, if you've got a fairly stable table, use
the --line-numbers option and then grep for "^$LINE_NUMBER ", which should
be a fairly fast search.



> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org]On Behalf Of George Vieira
> Sent: Monday, July 01, 2002 2:20 AM
> To: 'netfilter@lists.samba.org'
> Subject: RE: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
>
>
> problem is that sometimes the rule list can be a very long table and I'm
> using it in conjunction with MRTG to graph the byte values. So you can
> imagine how slow MRTG completes and how much CPU is used by continuous
> grepping can be..
>
> At the moment I've written scripts in PHP to do what I need and works but
> netfilter should be able to redo their source and imitate the "-D INPUT"
> (example) routine to the "-L INPUT" command and instead of
> deleting the rule
> it (-L)ists it... can't be that hard.. though I'm not a C coder..
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
>
>
>
> -----Original Message-----
> From: Jack Bowling
>
> I would just try the tried and true grep:
>
> iptables -L TABLE -n -v | grep "-d x.x.x.x --dport x -i ethx"
>
> jb
>
>
>



^ permalink raw reply	[flat|nested] 6+ messages in thread

* iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
@ 2002-07-01  3:49 George Vieira
  2002-07-01  6:13 ` Jack Bowling
  2002-07-01  6:18 ` Patrick Schaaf
  0 siblings, 2 replies; 6+ messages in thread
From: George Vieira @ 2002-07-01  3:49 UTC (permalink / raw)
  To: 'netfilter@lists.samba.org'

Hi all,

First post to the list and forgive me if someone's asked this before (I
tried the archives)...

Can the above command actually work or is there a way to print just 1 rule
that matches as I tried something similar to what's shown above and it
doesn't like it.. go figure.

Am I doing it wrong or does it not support it in iptables? At the moment I
have to keep greping the rule I need to check.. is there a better way?

thanks,
George Vieira

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
  2002-07-01  3:49 George Vieira
@ 2002-07-01  6:13 ` Jack Bowling
  2002-07-01  6:18 ` Patrick Schaaf
  1 sibling, 0 replies; 6+ messages in thread
From: Jack Bowling @ 2002-07-01  6:13 UTC (permalink / raw)
  To: netfilter

** Reply to message from George Vieira <GeorgeV@citadelcomputer.com.au> on Mon, 01 Jul 2002 13:49:04 +1000


> Hi all,
> 
> First post to the list and forgive me if someone's asked this before (I
> tried the archives)...
> 
> Can the above command actually work or is there a way to print just 1 rule
> that matches as I tried something similar to what's shown above and it
> doesn't like it.. go figure.
> 
> Am I doing it wrong or does it not support it in iptables? At the moment I
> have to keep greping the rule I need to check.. is there a better way?

I would just try the tried and true grep:

iptables -L TABLE -n -v | grep "-d x.x.x.x --dport x -i ethx"

jb


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
  2002-07-01  3:49 George Vieira
  2002-07-01  6:13 ` Jack Bowling
@ 2002-07-01  6:18 ` Patrick Schaaf
  1 sibling, 0 replies; 6+ messages in thread
From: Patrick Schaaf @ 2002-07-01  6:18 UTC (permalink / raw)
  To: George Vieira; +Cc: 'netfilter@lists.samba.org'

> Am I doing it wrong or does it not support it in iptables?

It is not supported.

> At the moment I have to keep greping the rule I need to check..

Yes.

> is there a better way?

No.

best regards
  Patrick


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2002-07-01 14:42 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-07-01  6:20 iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx George Vieira
2002-07-01  6:29 ` Jack Bowling
2002-07-01 14:42 ` Joe Patterson
  -- strict thread matches above, loose matches on Subject: below --
2002-07-01  3:49 George Vieira
2002-07-01  6:13 ` Jack Bowling
2002-07-01  6:18 ` Patrick Schaaf

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.