On Wed, Jun 13, 2007, Juan León said:

> Hi Fabrice,
>
>
> 2007/6/13, Pablo Neira Ayuso:
>> Fabrice Rafart wrote:
>> > I am looking for a tool to follow a packet into the rules of netfilter.
>> >
>> > For example:
>> >
>> > # iptables-test -s 192.168.1.1 -d 192.168.2.1 -p tcp --dport 25
>> > --> FORWARD line 1 : -p tcp --dport 25 -j SMTP
>> > --> SMTP line 3 : -s 192.168.1.0/24 -j DROP
>> >
>> > This shows me which rules match the packet until the end.
>> >
>> > Does this exist?

There was the TRACE target born for this purpose a couple of years ago.

http://svn.netfilter.org/cgi-bin/viewcvs.cgi/branches/patch-o-matic-ng/linux-2.6.11/TRACE/?rev=3680

It sure will require a bit of hacking for recent kernels.

Pablo, Patrick -- Is this an interesting feature that is worth merging in mainline, or patch-o-matic at least?

Best regards,
Samuel
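
The rule walk requested in the quoted question, sketched as an added example; it is not from this thread and is not netfilter or TRACE code. It is a toy userspace model: only FORWARD line 1 and SMTP line 3 come from the post, while SMTP lines 1 and 2, the FORWARD policy and all function names are constructed for illustration.

```python
import ipaddress

# Constructed ruleset: only FORWARD line 1 and SMTP line 3 appear in the post.
CHAINS = {
    "FORWARD": [({"proto": "tcp", "dport": 25}, "SMTP")],
    "SMTP": [
        ({"src": "10.0.0.0/8"}, "ACCEPT"),
        ({"dst": "192.168.3.0/24"}, "RETURN"),
        ({"src": "192.168.1.0/24"}, "DROP"),
    ],
}
POLICY = {"FORWARD": "ACCEPT"}  # assumed policy of the built-in chain
FLAGS = (("src", "-s"), ("dst", "-d"), ("proto", "-p"), ("dport", "--dport"))

def matches(match, pkt):
    for key, want in match.items():
        if key in ("src", "dst"):
            if ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def render(match, target):
    parts = [f"{flag} {match[key]}" for key, flag in FLAGS if key in match]
    return " ".join(parts + ["-j", target])

def walk(chain, pkt, trace):
    """Return a verdict, or None when the chain falls through or RETURNs."""
    for lineno, (match, target) in enumerate(CHAINS[chain], start=1):
        if not matches(match, pkt):
            continue
        trace.append(f"{chain} line {lineno} : {render(match, target)}")
        if target in ("ACCEPT", "DROP"):
            return target
        if target == "RETURN":
            return None
        verdict = walk(target, pkt, trace)  # jump into a user-defined chain
        if verdict is not None:
            return verdict
    return None

def trace_packet(pkt, start="FORWARD"):
    trace = []
    verdict = walk(start, pkt, trace)
    if verdict is None:  # nothing decided: the built-in chain's policy applies
        verdict = POLICY[start]
        trace.append(f"{start} policy : {verdict}")
    return verdict, trace
```

Calling `trace_packet` with the packet from the question (`192.168.1.1` to `192.168.2.1`, TCP port 25) yields the two trace lines shown in the post and a `DROP` verdict.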