andykras at hotmail.com
Fri Apr 15 01:03:11 CEST 2005
>I think it would be FAR more practical to do an "iptables -t filter -L -n
>-v --line-numbers", "iptables -t nat -L -n -v --line-numbers", "iptables -t
>mangle -L -n -v --line-numbers" and parse the output looking for all lines
>that match POLICY001. I think this would be an excellent shell or Perl
Thanks for the suggestion. I think it is a very good one.
I had not heard of the "-m comment" option before and it's not in my revision
of Oskar Andreasson's Iptables Tutorial (guess I need to refresh my docs).
I am additionally hampered (protected?) by a dictum that scripting is not
allowed in my little world, so, in the end, I would have to do what you
describe programmatically (i.e. in a C or C++ program). However, I'm
certainly not averse to prototyping the functionality in a shell or Perl
script. I do that sometimes anyway when I want a quick turnaround as I
iterate through changes to the logic.
I'll try playing around with that. When I have something I'll send it to
you, or is there some sort of common repository where netfilter/iptables
denizens share stuff like this?
Thanks for your help and advice,
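The listing-and-parsing approach suggested in the quoted reply, written out as an added shell prototype (this is not code from the thread or from the netfilter project). It takes the output of "iptables -t TABLE -L -n -v --line-numbers", tracks the current chain from each "Chain ..." header, pulls the "/* ... */" comment that "-m comment" appends to a rule line, and reports "table chain rulenum" for every rule whose comment contains the tag as a whole word (so a POLICY0010 rule does not match POLICY001). The iptables listing embedded below is constructed for the example; the function names, and the assumption that the caller wants "iptables -D" commands generated from the hits, are mine.

```shell
#!/bin/sh
# Added example: find rules tagged with "-m comment --comment 'POLICY001 ...'"
# in "iptables -t TABLE -L -n -v --line-numbers" output. Not from the thread.

# find_tagged_rules TAG TABLE  (listing on stdin)
# Prints "TABLE CHAIN RULENUM" for each rule whose comment contains TAG.
find_tagged_rules() {
    awk -v tag="$1" -v table="$2" '
        /^Chain /  { chain = $2; next }          # "Chain INPUT (policy DROP ...)"
        /^num /    { next }                      # column header line
        /^[0-9]+ / && match($0, /\/\*.*\*\//) {  # rule line carrying /* comment */
            comment = substr($0, RSTART + 2, RLENGTH - 4)
            n = split(comment, words, " ")
            for (i = 1; i <= n; i++)             # whole-word compare, so that
                if (words[i] == tag) {           # POLICY0010 does not hit POLICY001
                    print table, chain, $1
                    break
                }
        }'
}

# delete_commands  (find_tagged_rules output on stdin)
# Emits "iptables -t TABLE -D CHAIN NUM" lines, highest rule number first
# within each chain, so that deleting one rule does not renumber the rules
# still to be deleted. Printing instead of executing is an assumption of
# this example; pipe the result to sh to apply it.
delete_commands() {
    sort -k1,1 -k2,2 -k3,3nr | awk '{ print "iptables -t " $1 " -D " $2 " " $3 }'
}

# scan_live_tables TAG
# Runs the real listing over the three tables (needs root; not used below).
scan_live_tables() {
    for t in filter nat mangle; do
        iptables -t "$t" -L -n -v --line-numbers | find_tagged_rules "$1" "$t"
    done
}

# Constructed sample of "iptables -t filter -L -n -v --line-numbers" output.
SAMPLE_FILTER='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* POLICY001 ssh */
2        0     0 DROP       all  --  eth0   *       10.0.0.0/8           0.0.0.0/0            /* POLICY0010 rfc1918 */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        3   180 ACCEPT     tcp  --  eth1   eth0    192.168.1.0/24       0.0.0.0/0            tcp dpt:80 /* POLICY001 web */
3        1    60 ACCEPT     udp  --  eth1   eth0    192.168.1.0/24       0.0.0.0/0            udp dpt:53 /* POLICY001 dns */

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination'

# Demo on the constructed listing: list the hits, then the delete commands.
demo() {
    printf '%s\n' "$SAMPLE_FILTER" | find_tagged_rules POLICY001 filter
    printf '%s\n' "$SAMPLE_FILTER" | find_tagged_rules POLICY001 filter | delete_commands
}
```

On a live host, replace the sample with `scan_live_tables POLICY001`; the parsing is the same for the nat and mangle tables because "-L -n -v --line-numbers" prints the same column layout for each.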