From: "Timothy Earl" <mehimx@gmail.com>
To: netfilter@lists.netfilter.org
Subject: RE: Feature request: ability to test if rule is loaded
Date: Fri, 8 Apr 2005 14:00:16 +0200
Message-ID: <42567252.35d385f7.3153.3e2b@mx.gmail.com>
In-Reply-To: <aec22fc5050407235958a06990@mail.gmail.com>
Hi,
I think you could work around your problem by using a series of awk, grep
and sed commands along with iptables -vL to test if your rule is loaded;
presently that is how I get my current IP, etc.
man awk, man grep, man sed
For example:
EXTIP="`/sbin/ifconfig ppp0 | grep 'inet adr' | awk '{print $2}' | sed -e
's/.*$
Regards,
Tim
> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-
> bounces@lists.netfilter.org] On behalf of `VL
> Sent: Friday 8 April 2005 09:00
> To: netfilter@lists.netfilter.org
> Subject: Feature request: ability to test if rule is loaded
>
> Hello all.
>
> I recently started to configure my firewall and decided to write some
> more advanced shell scripts to make loading of rules easier. My task
> was to have a config which looks like:
>
> loadrule client/ssh on/off
> loadrule server/sshd on/off
>
> and I want the ability to run a script which will go through this list
> and will load rules that are not yet loaded, and remove rules that are
> marked off, if they are loaded.
>
> client/ssh is a file, that contains something like this:
>
> NAME="SSH Client"
> RULES_NUM="2"
> MY_SSH_SERVER1="xxx.xxx.xxx.xxx"
>
> RULE[0]="OUTPUT -o eth0 -p tcp...."
> RULE[1]="INPUT -i eth0 ...."
>
> When I want to add a rule, my function loadrule runs iptables -A
> RULE[0,1...]; if I want to disable a rule, I call iptables -D
> RULE[0,1...]
>
> But! How do I test if a rule was loaded? If I delete rules, I get an
> error if the rule is not loaded; if I add rules, it is just added next in
> the chain.
>
> So, it would be nice to have a new iptables option, I think -T, which
> will act like -D with one exception: it will not delete the rule, just
> return true if the rule exists in the chain, and false otherwise.
>
> It seems to me that it is very easy to add, and that it will be
> useful for system administrators.
>
> For example, if we can't turn off the firewall on a critical server, the
> administrator has to manually review the list of rules and delete some
> he decided to remove for some reason. With my approach he just changes
> 1 line in a readable config to off, and asks the script to reload the config.
>
> What do you think ?
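The check Tim describes and the idempotent on/off loading `VL asks for, as a shell example added here (it is not code from either poster). It matches a rule against the output of `iptables -S <chain>`, which lists rules in iptables-save syntax, rather than against the human-readable `-vL` listing, so a fixed-string whole-line match is enough. The sample listing embedded below is constructed, and the `loadrule`/`rule_loaded` helper names and the rule format (chain first, then the match and target exactly as `iptables -S` prints them) are this example's assumptions.

```shell
#!/bin/sh
# Added example: test whether an iptables rule is already loaded, and add or
# delete it only when that changes something. Rules are written exactly as
# `iptables -S` prints them, e.g.
#   "INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT"
# Constructed sample of `iptables -S INPUT` output, so the check runs offline.
SAMPLE_LISTING='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# rule_in_listing LISTING RULE
# Returns 0 when RULE (chain + spec) appears as an "-A" line in LISTING, 1 otherwise.
# -x forces a whole-line match, so "--dport 22" cannot match "--dport 2222";
# -F treats the rule as a fixed string, so "." or "*" in it are not regex metacharacters;
# "--" ends option parsing because the pattern itself starts with "-A".
rule_in_listing() {
    printf '%s\n' "$1" | grep -qxF -- "-A $2"
}

# rule_loaded RULE: live check against the running tables (needs root and iptables).
# The chain is the first word of the rule, so only that chain is listed.
rule_loaded() {
    chain=${1%% *}
    rule_in_listing "$(iptables -S "$chain")" "$1"
}

# loadrule RULE on|off: add only if absent, delete only if present, so
# reloading the config never duplicates a rule or errors on a missing one.
# $rule is expanded unquoted on purpose: it is a string of several arguments.
loadrule() {
    rule=$1; state=$2
    if [ "$state" = on ]; then
        rule_loaded "$rule" || iptables -A $rule
    else
        rule_loaded "$rule" && iptables -D $rule
    fi
    return 0
}
```

Two caveats when using this against a live system: `iptables -S` prints the kernel's normalized form of a rule (for example it inserts `-m tcp` before `--dport` and uses its own option order), so the config must store rules in that form for the text match to hold; and a rule whose arguments contain spaces cannot be carried in a plain string the way `VL's RULE[n] entries are. Later iptables releases added `-C`/`--check`, which takes a rule specification and returns success or failure without modifying the chain, i.e. exactly the `-T` behaviour requested here, and avoids both caveats.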