* iptable: obtaining list of tables?
@ 2010-02-25 21:38 U. George
  2010-02-25 22:15 ` andy thomas
  0 siblings, 1 reply; 5+ messages in thread
From: U. George @ 2010-02-25 21:38 UTC (permalink / raw)
  To: netfilter

Besides looking in /proc, can one get iptable to list the names of the 
firewall tables?


* Re: iptable: obtaining list of tables?
  2010-02-25 21:38 iptable: obtaining list of tables? U. George
@ 2010-02-25 22:15 ` andy thomas
  2010-02-25 23:45   ` U. George
  0 siblings, 1 reply; 5+ messages in thread
From: andy thomas @ 2010-02-25 22:15 UTC (permalink / raw)
  To: U. George; +Cc: netfilter

On Thu, 25 Feb 2010, U. George wrote:

> Besides looking in /proc, can one get iptable to list the names of the 
> firewall tables?

Won't iptables -L do this?

Andy


* Re: iptable: obtaining list of tables?
  2010-02-25 22:15 ` andy thomas
@ 2010-02-25 23:45   ` U. George
  2010-02-26 13:14     ` Karthik Venkateswaran
  0 siblings, 1 reply; 5+ messages in thread
From: U. George @ 2010-02-25 23:45 UTC (permalink / raw)
  To: andy thomas; +Cc: netfilter

As far as I can tell - no. Docs say it just lists chains. A sample try
suggests that only the default table is used to list a -t "" .

BTW: if you don't use -L -n, the chain is silently ignored - ;-(

===========================================
[root@MyLaptop gat]# /sbin/iptables  -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@MyLaptop gat]# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

[root@MyLaptop gat]# /sbin/iptables  -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@MyLaptop gat]# /sbin/iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@MyLaptop gat]# /sbin/iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@MyLaptop gat]#
===========================================


* RE: iptable: obtaining list of tables?
  2010-02-25 23:45   ` U. George
@ 2010-02-26 13:14     ` Karthik Venkateswaran
  2010-02-26 14:24       ` Mart Frauenlob
  0 siblings, 1 reply; 5+ messages in thread
From: Karthik Venkateswaran @ 2010-02-26 13:14 UTC (permalink / raw)
  To: U. George, andy thomas; +Cc: netfilter@vger.kernel.org

I agree with you George, at least it seems there is no mechanism to list the tables.

Apologies for my ignorance, but could you tell me the reason why you would need to list the tables? As far as I know netfilter provides a static list of tables - filter, mangle & nat.

Regards,
Karthik


* Re: iptable: obtaining list of tables?
  2010-02-26 13:14     ` Karthik Venkateswaran
@ 2010-02-26 14:24       ` Mart Frauenlob
  0 siblings, 0 replies; 5+ messages in thread
From: Mart Frauenlob @ 2010-02-26 14:24 UTC (permalink / raw)
  To: netfilter

On 26.02.2010 14:14, Karthik Venkateswaran wrote:
> I agree with you George, at least it seems there is no mechanism to list the tables.
> 
> Apologies for my ignorance, but could you tell me the reason why you would need to list the tables? As far as I know netfilter provides a static list of tables - filter, mangle & nat.

No, that's not quite right.
In the early days iptables had mangle, nat and filter tables.
Then the raw table was introduced to circumvent connection tracking.
Now we also have the security table for SELinux context, hooked right
after the filter table.
And there is the rawpost table, available if you install the
xtables-addons (used for RAWSNAT and RAWDNAT - static nat without
connection tracking).

If the kernel was built with the tables compiled as modules, you can
load/unload them. i.e. output of lsmod:
ip_tables               7551  6 iptable_security,iptable_nat,iptable_mangle,iptable_raw,iptable_filter,iptable_rawpost

Usually the currently active tables are listed in:
/proc/net/ip_tables_names
This list is empty until you load the modules.

But there is no way afaik to tell what tables are supported without
knowing their names and trying to load them.

Best regards

Mart
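
Added example, not part of any message in this thread: a shell sketch that reads the active-table list from /proc/net/ip_tables_names and checks it against the table names mentioned above, so that rules outside the default table (such as the nat MASQUERADE rule shown earlier) are not missed in a review. The function names, the IPTABLES override variable and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes the names file holds one table name per line, as
# /proc/net/ip_tables_names does.

KNOWN_TABLES="filter nat mangle raw security rawpost"  # names given in the thread

# active_tables [FILE]: print the active table names, sorted, one per line.
active_tables() {
    names_file=${1:-/proc/net/ip_tables_names}
    [ -r "$names_file" ] || return 1
    sort -u "$names_file" | sed '/^$/d'
}

# table_report [FILE]: "NAME active|inactive" for each known table, then
# "NAME unknown" for any active table that is not in KNOWN_TABLES.
table_report() {
    active=$(active_tables "$@") || { echo "cannot read names file" >&2; return 1; }
    for t in $KNOWN_TABLES; do
        if printf '%s\n' "$active" | grep -qx "$t"; then
            echo "$t active"
        else
            echo "$t inactive"
        fi
    done
    for t in $active; do
        case " $KNOWN_TABLES " in
            *" $t "*) ;;
            *) echo "$t unknown" ;;
        esac
    done
}

# dump_active_rules [FILE]: list every active table, not only the default one.
# Needs root; set IPTABLES to override the binary path.
dump_active_rules() {
    for t in $(active_tables "$@"); do
        echo "== table: $t =="
        "${IPTABLES:-/sbin/iptables}" -t "$t" -L -n
    done
}

# Constructed sample: names file as it would look with filter and nat loaded.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf 'nat\nfilter\n' > "$sample"
table_report "$sample"
```

Run as root, `dump_active_rules` with no argument walks the live /proc file; a table reported as inactive only means its module is not loaded, not that the kernel lacks support for it.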


