Re: iptable: obtaining list of tables?

[Mart Frauenlob <mart.frauenlob@chello.at>]

On 26.02.2010 14:14, Karthik Venkateswaran wrote:
> I agree with you George, atleast it seems there is no mechanism to list the tables.
> 
> Apologies for my ignorance, but could you tell me the reason why you would need to list the tables. As far as I know netfilter provides a static list of tables - filter, mangle & nat.

no, that's not quite right.
In the early days iptables had mangle, nat and filter tables.
Then the raw table was introduced to circumvent connection tracking.
Now we also have the security table for SELinux context, hocked right
after the filter table.
And there is the rawpost table, available if you install the
xtables-addons (used for RAWSNAT and RAWDNAT - static nat without
connection tracking).

If the kernel was built with the tables compiled as modules, you can
load/unload them. i.e output of lsmod:
ip_tables               7551  6
iptable_security,iptable_nat,iptable_mangle,iptable_raw,iptable_filter,iptable_rawpost

Usually the currently active tables are listed in:
/proc/net/ip_tables_names
This list is empty until you load the modules.

But there is no way afaik to tell what tables are supported without
knowing their names and try to load them.

Best regards

Mart


> -----Original Message-----
> From: netfilter-owner@vger.kernel.org [mailto:netfilter-owner@vger.kernel.org] On Behalf Of U. George
> Sent: Thursday, February 25, 2010 6:46 PM
> To: andy thomas
> Cc: netfilter@vger.kernel.org
> Subject: Re: iptable: obtaining list of tables?
> 
> As far as I can tell - no. Docs says it just list chains. sample try,
> suggests that only the default table is used to list a -t "" .
> 
> BTW: if u dont use -L -n, the chain is silently ignored - ;-(
> 
[...]