netfilter-devel.vger.kernel.org archive mirror
From: Dmitri Seletski <drjoms@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: feature request, way to check specific IP/port/protocol/etc
Date: Wed, 16 Oct 2019 21:50:33 +0100
Message-ID: <74c57209-2f6e-5cc9-d64b-e2e0eddcae6e@gmail.com>

Hello Dear IPTABLES/Netfilter Devs.


Thank you very much for your efforts.

I am a strong believer that if you don't do something yourself, it won't
be done.
With that said, I am no coder. (Not a C coder, and not a competent one by
any stretch of the imagination.)


I have come across a situation where I need to write a script. In this
script it would be nice to check if a specific port is opened. I checked
iptables --help and I can't seem to find an easy way to check it.

I can do something like iptables -Ln and get a range and try to work
around that. But I think it would be better to implement a couple of
ideas below:


1. To make a new option, similar to -L, that will verbosely show all
subnets/port ranges, so the user can grep anything that may be remotely
relevant. And yes, I understand it may take a lot of time in some cases,
but sometimes CPU time is a commodity you do have.

2. To make a new option, maybe call it -S, that will search, based on
parameters, any and all rules that match, e.g., a specific port or IP or
protocol or a combination of those.

So for example, -S -p tcp -s 127.0.0.1 -d 192.168.0.1

should show any rules that match the search criteria above, and the
default policy. In other words, rules likely to affect TCP/IP
communication between 127.0.0.1 and 192.168.0.1.

Which will give indication to script writers, if communication between 
script or some other app is possible to outside of the machine or to 
other VM or some other such stuff.

It's my first suggestion to a big list like this. So hit me on the face
with soldier boots, but gently please. English is not my native tongue,
so if you need clarification of stuff I have written above, I'd be
very happy to try to insult your intelligence with my attempts at
English again.


Kind Regards

Dmitri
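
The search described in the message, as an added example (not part of
the original post and not iptables code): it reads rule specs in the
format that `iptables -S` prints and returns the chain's default policy
plus every rule that may affect a given protocol/source/destination/port.
The sample ruleset and the names `search` and `_test` are constructed for
illustration.

```python
import ipaddress
import shlex

# Constructed sample in the rule-spec format printed by `iptables -S`.
SAMPLE = """\
-P INPUT DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT ! -s 10.0.0.0/8 -p tcp -m tcp --dport 8000:8100 -j REJECT
-A OUTPUT -d 192.168.0.1/32 -p tcp -j ACCEPT
"""

def _test(opt, val, pkt):
    """True/False if the option matches the packet, None if undecidable."""
    if opt == "-p":
        return val in ("all", pkt["proto"])
    if opt in ("-s", "-d"):
        addr = ipaddress.ip_address(pkt["src" if opt == "-s" else "dst"])
        return addr in ipaddress.ip_network(val, strict=False)
    if pkt["dport"] is None:          # opt is --dport, query gave no port
        return None
    lo, _, hi = val.partition(":")    # "22" or a range such as "8000:8100"
    return int(lo) <= pkt["dport"] <= int(hi or lo)

def search(rules, chain, proto, src, dst, dport=None):
    """Return (default policy, rules in `chain` that may affect the packet)."""
    # Options not modelled here (-i, -o, -m state, ...) count as possible
    # matches, so the result errs toward listing too many rules.
    pkt = {"proto": proto, "src": src, "dst": dst, "dport": dport}
    policy, hits = None, []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            for i, opt in enumerate(tok):
                if opt in ("-p", "-s", "-d", "--dport"):
                    negated = tok[i - 1] == "!"
                    res = _test(opt, tok[i + 1], pkt)
                    if res is not None and res == negated:
                        break         # this option rules the packet out
            else:
                hits.append(line)
    return policy, hits

if __name__ == "__main__":
    print(search(SAMPLE, "OUTPUT", "tcp", "127.0.0.1", "192.168.0.1"))
```

The listed rules are candidates in chain order; the first one whose
remaining conditions also hold decides the packet, and the policy applies
only if none does.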

