need help with libiptc
halm90 at gmail.com
Wed Feb 21 21:00:27 CET 2007
I'm writing an application that needs to dynamically add & remove iptables
rules at runtime. I'm trying to use libiptc and finding it quite hard
to fathom. I
can create/destroy chains, but there's no real documentation on
I find it hard to believe that this isn't more commonly done. Aren't there any
other apps out there that do this?
About the only doc I can find on libiptc is Leonardo Balliache's "Querying
libiptc HOWTO". It's good, but far from complete. In particular he says
little/nothing on how to construct the ipt_entry struct that you must pass to
iptc_insert_entry. He extracts the structure definition from the
header file, but
there's much more to it than that.
Looking at the iptables.c source I can see that in order to insert an entry
the ipt_entry struct must contain a list of current targets, but I can't find
how to create that list.
Can anybody offer any help at all on dynamically adding rules to iptables
by calls into libiptc? If there's a better / simpler way to do this I'm open to
that as well.
More information about the netfilter