[Bug 699] please add new options to iptables-restore to continue on error and suppress error output

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat May 18 23:31:28 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=699

--- Comment #3 from kavulix <linuxed7 at yahoo.com> 2013-05-18 23:31:27 CEST ---
I was attempting to develop an ipblocker application that would manage large
lists of IP ranges (all of the lists from bluetack.co.uk). It would enable
users to enable/disable individual ranges of IP addresses or entire lists.
Unfortunately the development stalled because iptables lacked this very
important feature.

Let's say that a user has a default list of iptables rules applied each time
they log in, for example the default configuration when using the firestarter
application. The ipblocker application can't flush the rules and start over
each time it needs to add or remove rules from iptables because there may be
other pre-existing rules. And it's not feasible to remove and then add rules
one at a time because it would be incredibly slow. Depending on the lists
enabled by the user, it could amount to literally hundreds of thousands of IP
ranges.

The only way to manage that many rules efficiently is with the iptables-restore
command. Unfortunately each IP range rule has to be deleted first before it's
added to avoid duplicates. If you attempt to delete a rule that doesn't exist,
then iptables-restore exits, which prevents the rest of the commands from
executing.

You can download a pre-alpha version at the link below. Not every feature is
functional but you can download and enable/disable the bluetack lists assuming
that the attached patch has been applied.

http://sourceforge.net/projects/gorget/files/
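The workaround below is an added example written for this page; it is not from the bug thread, the patch, or the gorget project. It sidesteps the delete-before-add problem the comment describes by keeping the ranges in a dedicated chain (the name `BLOCKLIST` and the `DROP` target are assumptions) that is flushed and rebuilt in one `iptables-restore --noflush` run, leaving all other rules untouched; the jump into that chain is added once, guarded by `iptables -C`, so it never duplicates. List entries are validated before they are written into the restore file, because a downloaded list line is otherwise interpreted as an iptables command.

```shell
#!/bin/sh
# Hypothetical helper (not the bug's patch or gorget code): rebuild a
# blocklist chain atomically with iptables-restore --noflush, with no
# -D/-A pair per range and no flush of pre-existing rules.

CHAIN=BLOCKLIST          # assumed chain name

# Accept only a.b.c.d or a.b.c.d/n. Anything else is rejected so a list
# line cannot smuggle extra iptables commands into the restore file.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Emit an iptables-restore file on stdout from the ranges in file $1
# (one per line). The ":CHAIN" line creates the chain if missing and
# the explicit -F empties it, so every run starts from a clean chain.
gen_restore() {
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    printf '%s %s\n' '-F' "$CHAIN"
    while IFS= read -r range; do
        case $range in ''|'#'*) continue ;; esac   # skip blanks/comments
        if valid_cidr "$range"; then
            printf '%s %s -s %s -j DROP\n' '-A' "$CHAIN" "$range"
        else
            printf 'skipping malformed entry: %s\n' "$range" >&2
        fi
    done < "$1"
    printf 'COMMIT\n'
}

# Apply: --noflush keeps every other table and chain as it is; the hook
# into INPUT is inserted only if -C reports it is not already present.
apply_blocklist() {
    gen_restore "$1" | iptables-restore --noflush
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
}

# Constructed sample list; the last line must be skipped, not applied.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# bluetack-style ranges (constructed sample data)
10.0.0.0/8
192.0.2.0/24
198.51.100.7
not-an-ip; -F INPUT
EOF
gen_restore "$SAMPLE"      # print the restore file; apply_blocklist needs root
```

Run `apply_blocklist list.txt` as root to load a list; re-running it with a different list replaces the chain contents without touching any other rule.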
