Linux Netfilter discussions
* libiptc or alternative
@ 2011-11-04 20:14 U.Mutlu
  2011-11-07  1:02 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 5+ messages in thread
From: U.Mutlu @ 2011-11-04 20:14 UTC (permalink / raw)
  To: netfilter

Hi,
in my userland-app I'm calling the iptables binary to add and
to remove iptables rules, but after moving to a Gigabit-Link
I need a faster method.
libiptc seems to fit the job but then it seems to be 'deprecated', is it really?
Is there a successor to it, or other alternatives?
Can I still use libiptc on a system where iptables v1.4.12 is installed?



* Re: libiptc or alternative
  2011-11-04 20:14 libiptc or alternative U.Mutlu
@ 2011-11-07  1:02 ` Pablo Neira Ayuso
  2011-11-07  1:03   ` Pablo Neira Ayuso
  0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2011-11-07  1:02 UTC (permalink / raw)
  To: U.Mutlu; +Cc: netfilter

On Fri, Nov 04, 2011 at 09:14:13PM +0100, U.Mutlu wrote:
> Hi,
> in my userland-app I'm calling the iptables binary to add and
> to remove iptables rules, but after moving to a Gigabit-Link
> I need a faster method.
> libiptc seems to fit the job but then it seems to be 'deprecated', is it really?
> Is there a successor to it, or other alternatives?
> Can I still use libiptc on a system where iptables v1.4.12 is installed?

Pipe commands to iptables-save.


* Re: libiptc or alternative
  2011-11-07  1:02 ` Pablo Neira Ayuso
@ 2011-11-07  1:03   ` Pablo Neira Ayuso
  2011-11-07  2:09     ` U.Mutlu
  0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2011-11-07  1:03 UTC (permalink / raw)
  To: U.Mutlu; +Cc: netfilter

On Mon, Nov 07, 2011 at 02:02:19AM +0100, Pablo Neira Ayuso wrote:
> On Fri, Nov 04, 2011 at 09:14:13PM +0100, U.Mutlu wrote:
> > Hi,
> > in my userland-app I'm calling the iptables binary to add and
> > to remove iptables rules, but after moving to a Gigabit-Link
> > I need a faster method.
> > libiptc seems to fit the job but then it seems to be 'deprecated', is it really?
> > Is there a successor to it, or other alternatives?
> > Can I still use libiptc on a system where iptables v1.4.12 is installed?
> 
> Pipe commands to iptables-save.

Sorry, I meant to say iptables-restore, of course.


* Re: libiptc or alternative
  2011-11-07  1:03   ` Pablo Neira Ayuso
@ 2011-11-07  2:09     ` U.Mutlu
  2011-11-07  7:58       ` Ed W
  0 siblings, 1 reply; 5+ messages in thread
From: U.Mutlu @ 2011-11-07  2:09 UTC (permalink / raw)
  To: netfilter

Pablo Neira Ayuso wrote, On 2011-11-07 02:03:
> On Mon, Nov 07, 2011 at 02:02:19AM +0100, Pablo Neira Ayuso wrote:
>> On Fri, Nov 04, 2011 at 09:14:13PM +0100, U.Mutlu wrote:
>>> Hi,
>>> in my userland-app I'm calling the iptables binary to add and
>>> to remove iptables rules, but after moving to a Gigabit-Link
>>> I need a faster method.
>>> libiptc seems to fit the job but then it seems to be 'deprecated', is it really?
>>> Is there a successor to it, or other alternatives?
>>> Can I still use libiptc on a system where iptables v1.4.12 is installed?
>>
>> Pipe commands to iptables-save.
>
> Sorry, I meant to say iptables-restore, of course.

Hmm. I think in my case this method is suboptimal because my
iptables rules do change very frequently (i.e. banning individual
IPs at different times and then unbanning each after say x minutes,
again individually, i.e. not as a group).

I think in this case I should stick with libiptc since it's still
part of the official iptables distribution.



* Re: libiptc or alternative
  2011-11-07  2:09     ` U.Mutlu
@ 2011-11-07  7:58       ` Ed W
  0 siblings, 0 replies; 5+ messages in thread
From: Ed W @ 2011-11-07  7:58 UTC (permalink / raw)
  To: U.Mutlu; +Cc: netfilter

On 07/11/2011 02:09, U.Mutlu wrote:
>
> Hmm. I think in my case this method is suboptimal because my
> iptables rules do change very frequently (i.e. banning individual
> IPs at different times and then unbanning each after say x minutes,
> again individually, i.e. not as a group).
>
> I think in this case I should stick with libiptc since it's still
> part of the official iptables distribution.

This is starting to sound like something ipset could help with?

Ed W
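
Added example (not part of the thread or of any poster's code): a sketch of how ipset's per-entry timeouts cover the ban-then-unban-after-x-minutes case discussed above, with one static iptables rule and no rule churn. The set name `banned`, the 600-second default and the sample addresses are assumptions; the functions only print an `ipset restore` batch, so nothing touches the firewall until the output is piped to ipset as root.

```shell
#!/bin/sh
# Illustrative names and values (assumptions, not from the thread).
SET_NAME=banned
DEFAULT_TIMEOUT=600   # seconds an entry lives when no timeout is given

# Succeed only for a dotted-quad IPv4 address with octets in 0-255, so that
# untrusted input (e.g. parsed from logs) never reaches the ipset batch.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Read "ip [seconds]" lines on stdin, write an `ipset restore` batch on stdout.
ban_batch() {
    printf 'create %s hash:ip timeout %s\n' "$SET_NAME" "$DEFAULT_TIMEOUT"
    while read -r ip secs; do
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            printf 'skipped invalid address: %s\n' "$ip" >&2
            continue
        fi
        case "$secs" in
            ''|*[!0-9]*) secs=$DEFAULT_TIMEOUT ;;   # missing or non-numeric
        esac
        printf 'add %s %s timeout %s\n' "$SET_NAME" "$ip" "$secs"
    done
}

# Constructed sample input; the third line must be rejected.
SAMPLE='192.0.2.10 300
198.51.100.7
not-an-ip 60'
sample_batch() { printf '%s\n' "$SAMPLE" | ban_batch 2>/dev/null; }

# One-time setup (root): create the set and a single rule that consults it.
#   ban_batch </dev/null | ipset -exist restore
#   iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
# Per ban (root): the kernel expires each entry individually, no unban call.
#   printf '%s\n' '192.0.2.10 300' | ban_batch | ipset -exist restore
```

With `-exist`, re-creating the existing set is ignored and re-adding an address already in the set resets its timeout instead of failing.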

