From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: `VL <vl.homutov@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: feature request
Date: Thu, 14 Apr 2005 13:18:29 -0500
Message-ID: <425EB3F5.5020003@riverviewtech.net>
In-Reply-To: <aec22fc50504140950949956c@mail.gmail.com>

> more? Why not return failure and say "rule already loaded?" It`s not a
> critic, i just want to understand why i can need more than 1 same rule
> for 1 chain.

I'm just guessing here but I'd be willing to bet that the actual kernel space of IPTables is more like a database that gets traversed in kernel space.  The iptables command line tool is probably a user land space tool for listing, inserting, updating, and deleting entries in that database.  I'd say that to make things simpler the kernel does not do any checking to make sure that a rule is distinct as there is no harm in having multiple identical rules save for the fact that it is an additional rule to traverse.  The iptables command line tool was not written to do any checking either as it is not required and this would probably complicate things quite a bit more.

> So, i`d prefer to write something similar to init scripts, when i have
> to remember state of each loaded rule: is it loaded or not. But here
> there are other problems: what if i manually add/delete rule? this
> should not happen if i have 'my super system', but it`s life... so
> again i have to reinvent wheel.

You might try taking a look at iptables-save and iptables-restore respectively.  From the output of iptables-save it looks like all the lines that it generates would go directly after the iptables command.  I.e. if you would normally type:

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

You would see the following in the iptables-save output:

-A FORWARD -i eth0 -o eth1 -j ACCEPT

I'd be willing to bet that it is easier to parse this output than the normal iptables output for what you are doing.  Take a look at it and see if it will work for you.



Grant. . . .
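
Added example, not part of the original message: shell functions that read iptables-save output and answer the question raised in the thread, whether a rule is already loaded and which rules appear more than once in a chain. The function names (rule_count, duplicate_rules, ensure_cmd) and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of iptables-save output (not captured from a real host).
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# rule_count TABLE RULE: read a dump on stdin and print how many times the
# exact RULE line occurs inside the *TABLE section. The comparison is a plain
# string match, so RULE must be spelled the way iptables-save prints it.
rule_count() {
    TABLE="$1" RULE="$2" awk '
        /^\*/          { cur = substr($0, 2); next }   # "*filter" opens a table
        $0 == "COMMIT" { cur = ""; next }              # COMMIT closes it
        cur == ENVIRON["TABLE"] && $0 == ENVIRON["RULE"] { n++ }
        END { print n + 0 }'
}

# duplicate_rules: read a dump on stdin and print "TABLE COUNT RULE" for every
# rule line that occurs more than once within the same table.
duplicate_rules() {
    awk '
        /^\*/          { cur = substr($0, 2); next }
        $0 == "COMMIT" { cur = ""; next }
        /^-A / && cur != "" {
            key = cur SUBSEP $0
            if (!(key in seen)) order[++k] = key       # keep first-seen order
            seen[key]++
        }
        END {
            for (i = 1; i <= k; i++) if (seen[order[i]] > 1) {
                split(order[i], p, SUBSEP)
                print p[1], seen[order[i]], p[2]
            }
        }'
}

# ensure_cmd TABLE RULE: print the iptables command needed to load RULE, or
# nothing when the dump on stdin already contains it (idempotent add).
ensure_cmd() {
    if [ "$(rule_count "$1" "$2")" -eq 0 ]; then
        printf 'iptables -t %s %s\n' "$1" "$2"
    fi
}
```

On a live host the dump comes from iptables-save itself, for example `iptables-save | duplicate_rules`. Current iptables releases also provide a -C (--check) option that tests for a rule's presence directly.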

