On Friday 2008-10-31 19:54, Rick Jones wrote:
>
> Here is where I cop to being a luddite who prefers straight C to calling
> system() :)
Using libiptc, here is the C-program you need:
--- cut here ---
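#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <libiptc/libiptc.h>

int main(int argc, char *argv[])
{
	const char *table = "filter";
	const char *chain;
	const struct ipt_entry *rule;
	iptc_handle_t handle = NULL;
	unsigned int num_chains = 0;
	unsigned int num_rules = 0;

	/* Snapshot the table; returns NULL on failure (e.g. when not run as root). */
	handle = iptc_init(table);
	if (!handle) {
		fprintf(stderr, "iptc_init(%s): %s\n", table, iptc_strerror(errno));
		return EXIT_FAILURE;
	}
	//dump_entries(handle);

	/* Walk every chain in the table and count the rules in each one. */
	chain = iptc_first_chain(&handle);
	while (chain) {
		//printf("Chain:%s\n", chain);
		num_chains++;
		rule = iptc_first_rule(chain, &handle);
		while (rule) {
			num_rules++;
			rule = iptc_next_rule(rule, &handle);
		}
		//printf("Rules so far:%u\n", num_rules);
		chain = iptc_next_chain(&handle);
	}
	printf("Number of chains:%u\n", num_chains);
	printf("Number of rules:%u\n", num_rules);

	/* Release the snapshot. */
	iptc_free(&handle);
	return EXIT_SUCCESS;
}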
--- cut here ---
~/git/iptables$ gcc count.c -o count libiptc/libiptc.a -I./include
Cheers,
Jesper Brouer
--
-------------------------------------------------------------------
MSc. Master of Computer Science
Dept. of Computer Science, University of Copenhagen
Author of http://www.adsl-optimizer.dk
-------------------------------------------------------------------