need help with libiptc
Hal Moroff
halm90 at gmail.com
Wed Feb 21 21:00:27 CET 2007
I'm writing an application that needs to dynamically add & remove iptables
rules at runtime. I'm trying to use libiptc and finding it quite hard to
fathom. I can create/destroy chains, but there's no real documentation on
iptc_insert_entry.

I find it hard to believe that this isn't more commonly done. Aren't there any
other apps out there that do this?

About the only doc I can find on libiptc is Leonardo Balliache's "Querying
libiptc HOWTO". It's good, but far from complete. In particular he says
little/nothing on how to construct the ipt_entry struct that you must pass to
iptc_insert_entry. He extracts the structure definition from the header file,
but there's much more to it than that.

Looking at the iptables.c source I can see that in order to insert an entry
the ipt_entry struct must contain a list of current targets, but I can't find
how to create that list.

Can anybody offer any help at all on dynamically adding rules to iptables
by calls into libiptc? If there's a better / simpler way to do this I'm open to
that as well.
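
The entry layout asked about above, as an added example that is not part of the original message or of libiptc itself: the blob passed to iptc_insert_entry is a fixed ipt_entry header, then zero or more matches, then exactly one target. The helper name build_drop_rule is hypothetical, the rule has no matches, and only the Linux UAPI header is assumed to be installed.

```c
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/* Hypothetical helper (not from the post): build the blob for
 * "-s <src>/<prefix> -p <proto> -j DROP".
 * Layout: [struct ipt_entry][zero or more matches][exactly one target].
 * No matches here, so the target starts right after the header. */
struct ipt_entry *build_drop_rule(const char *src, unsigned prefix,
                                  unsigned short proto)
{
    size_t hdr = XT_ALIGN(sizeof(struct ipt_entry));
    size_t tgt = XT_ALIGN(sizeof(struct xt_standard_target));
    struct in_addr addr;

    /* Reject bad input before allocating anything. */
    if (prefix > 32 || inet_pton(AF_INET, src, &addr) != 1)
        return NULL;

    struct ipt_entry *e = calloc(1, hdr + tgt);
    if (e == NULL)
        return NULL;

    /* Selector part: zeroed fields match anything. */
    e->ip.smsk.s_addr = prefix ? htonl(~0u << (32 - prefix)) : 0;
    e->ip.src.s_addr = addr.s_addr & e->ip.smsk.s_addr;
    e->ip.proto = proto;

    /* Offsets are byte counts from the start of the entry. */
    e->target_offset = hdr;       /* where the target begins */
    e->next_offset = hdr + tgt;   /* total size of this rule */

    /* Built-in verdict: libiptc translates the name "DROP" into the
     * numeric verdict on insert, so the verdict field stays zero. */
    struct xt_standard_target *t =
        (struct xt_standard_target *)((char *)e + hdr);
    t->target.u.target_size = tgt;
    strncpy(t->target.u.user.name, "DROP",
            sizeof(t->target.u.user.name) - 1);
    return e;
}

/* The caller then hands the blob to iptc_insert_entry() for a chain such
 * as "INPUT" on a handle from iptc_init("filter"), calls iptc_commit(),
 * and frees the blob. The handle type differs between libiptc versions. */
```

A rule with matches places each aligned match structure between the header and the target and raises target_offset and next_offset by their combined size.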