Iptables programmatic interface

Harald Welte laforge@gnumonks.org
Tue, 2 Oct 2001 19:42:21 +0200


On Thu, Sep 27, 2001 at 03:13:19PM +0300, Edward Ari Bichetero wrote:
> Hi,
>   I was wondering if there is a programmatic interface to
> iptables. The project I am working on needs to alter/control the
> firewall rules from a program and using "system()" to call the iptables
> util is undesirable.
>   Something along the lines of that used for ipchains (raw sockets) would
> do.
>   Anyone have ideas/pointers ?

There's libiptc, but this is way too low-level.


Best idea for now: start an iptables-restore and pipe your rules on stdin
of iptables-restore.  Each time you send a COMMIT line, the ruleset will be
updated.

> - Edward -

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
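
The approach suggested in the reply above, as an added example that is not part of the original message: a program builds one filter-table transaction ending in COMMIT and writes it to the stdin of `iptables-restore`, with no shell involved. The function names, the base rules and the sample address are assumptions made for illustration.

```python
import ipaddress
import subprocess


def build_filter_table(allowed_tcp, input_policy="DROP"):
    """Return iptables-restore input for one filter-table transaction.

    allowed_tcp: iterable of (source, dest_port) pairs accepted on INPUT.
    """
    if input_policy not in ("ACCEPT", "DROP"):
        raise ValueError("policy must be ACCEPT or DROP")
    lines = [
        "*filter",
        f":INPUT {input_policy} [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for source, port in allowed_tcp:
        # Parse, then re-serialise: text that is not an IPv4 address or a
        # port number (e.g. an embedded newline plus an extra rule) never
        # reaches the stream.
        net = ipaddress.IPv4Network(source)
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port: {port}")
        lines.append(f"-A INPUT -p tcp -s {net} --dport {port} -j ACCEPT")
    lines.append("COMMIT")  # the ruleset is only updated at this line
    return "\n".join(lines) + "\n"


def apply_ruleset(ruleset, argv=("iptables-restore",)):
    """Write ruleset to the stdin of argv, run without a shell."""
    proc = subprocess.run(list(argv), input=ruleset, text=True,
                          capture_output=True)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample: SSH from a documentation network only.
    print(build_filter_table([("192.0.2.0/24", 22)]), end="")
```

Calling `apply_ruleset()` with its default `argv` requires root, and without `--noflush` `iptables-restore` replaces the existing contents of the table.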