From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: iptables resources consumed
Date: Mon, 07 Jul 2008 10:04:32 -0500
Message-ID: <48723080.6070302@riverviewtech.net>
In-Reply-To: <VPOP31.4.0e.20080707110152.031.c.1.00149acd@matrixindia>
On 07/07/08 00:32, Elison Niven wrote:
> Hi,
Morning.
> My main application will know these IP addresses and port numbers
> through the negotiation. Once the negotiation is done actual RTP data
> will flow to and from the DSPs and this data has to be sent from eth0 to
> eth2 and from eth2 to eth0.
Ok...
> After the negotiation, my main application (in C) will do a simple
> system call like
>
> system("iptables [OPTIONS] ...");
>
> to add a rule for packets received on eth0 and on which DSP to
> forward them to.
Ah. So you do not want to put these rules (that we have been
discussing) in a system start up script / iptables-save file. This
makes things a bit more interesting in the long run. (See below.)
> After the call is over, my main application will do another call to
> iptables to remove the above added rule.
Having IPTables rules programmatically removed can be a bit tricky, such
as having your code know what rule to remove from the list of
rules. I suggest that you either use sub-chains and have your code
flush the sub-chain(s), or use the "comment" extension to tag the
rules, or attempt to pass the exact rule to iptables again to have it
delete the rule(s) in question. I personally find the sub-chain to be
more consistent and less error prone.
Also, you may want to search the archives about having C programs use
API calls to modify the IPTables chains.
> No, packets that the DSPs send are not to be prevented from going out
> on eth0.
Ok.
Grant. . . .
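
The sub-chain approach suggested above, as an added example that is not part of the original message or thread: each call gets its own chain, so teardown is a fixed unhook/flush/delete sequence with no rule matching, and arguments go to iptables through execvp rather than a shell command string. Assumptions not taken from the thread: the rule is a UDP DNAT in the nat table that keeps the same port, chains are named RTP_<id>, and runner_fn, exec_run, dry_run, call_open and call_close are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define IPT "iptables", "-t", "nat"   /* assumption: rules live in the nat table */
typedef int (*runner_fn)(char *const argv[]);
char dry_log[1024];                   /* command lines recorded by dry_run() */

/* Real runner: fork + execvp, so no shell ever parses the arguments. */
int exec_run(char *const argv[]) {
    int st;
    pid_t pid = fork();
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

/* Dry runner: appends each command line to dry_log instead of executing it. */
int dry_run(char *const argv[]) {
    for (; *argv; argv++) {
        size_t used = strlen(dry_log);
        snprintf(dry_log + used, sizeof dry_log - used, "%s%s", *argv, argv[1] ? " " : "\n");
    }
    return 0;
}

/* Call setup (literal IPv4 and valid port only): create RTP_<id>, add DNAT, then hook it. */
int call_open(runner_fn run, unsigned id, unsigned port, const char *dsp_ip) {
    struct in_addr a;
    char chain[24], dport[8], to[32];
    if (port == 0 || port > 65535 || inet_pton(AF_INET, dsp_ip, &a) != 1) return -1;
    snprintf(chain, sizeof chain, "RTP_%u", id);
    snprintf(dport, sizeof dport, "%u", port);
    snprintf(to, sizeof to, "%s:%u", dsp_ip, port);
    char *mk[]   = {IPT, "-N", chain, NULL};
    char *rule[] = {IPT, "-A", chain, "-p", "udp", "--dport", dport,
                    "-j", "DNAT", "--to-destination", to, NULL};
    char *hook[] = {IPT, "-A", "PREROUTING", "-i", "eth0", "-j", chain, NULL};
    return (run(mk) || run(rule) || run(hook)) ? -1 : 0;
}

/* Call teardown: unhook the jump, flush the sub-chain, delete it. */
int call_close(runner_fn run, unsigned id) {
    char chain[24];
    snprintf(chain, sizeof chain, "RTP_%u", id);
    char *unhook[] = {IPT, "-D", "PREROUTING", "-i", "eth0", "-j", chain, NULL};
    char *flush[]  = {IPT, "-F", chain, NULL};
    char *del[]    = {IPT, "-X", chain, NULL};
    return (run(unhook) || run(flush) || run(del)) ? -1 : 0;
}
```

Pass dry_run to see the command lines in dry_log without touching the firewall, or exec_run (as root) to apply them.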