Jesper Dangaard Brouer wrote:
On Friday 2008-10-31 19:54, Rick Jones wrote:
> > Here is where I cop to being a luddite who prefers straight C to
> > calling system() :)
Using libiptc, here is the C-program you need:
--- cut here ---
#include <stdio.h>
#include <errno.h>
#include <libiptc/libiptc.h>

int main(void)
{
	const char *table = "filter";
	const char *chain;
	const struct ipt_entry *rule;
	iptc_handle_t handle = NULL;
	unsigned int num_chains = 0;
	unsigned int num_rules = 0;

	/* Take a snapshot of the table; needs CAP_NET_ADMIN (root). */
	handle = iptc_init(table);
	if (!handle) {
		fprintf(stderr, "iptc_init(%s): %s\n", table, iptc_strerror(errno));
		return 1;
	}
	//dump_entries(handle);
	/* Walk every chain, and every rule within each chain. */
	chain = iptc_first_chain(&handle);
	while (chain) {
		//printf("Chain:%s\n", chain);
		num_chains++;
		rule = iptc_first_rule(chain, &handle);
		while (rule) {
			num_rules++;
			rule = iptc_next_rule(rule, &handle);
		}
		//printf("Rules so far:%u\n", num_rules);
		chain = iptc_next_chain(&handle);
	}
	printf("Number of chains:%u\n", num_chains);
	printf("Number of rules:%u\n", num_rules);
	iptc_free(&handle);
	return 0;
}
--- cut here ---
Thanks - indeed I have code very much like that already in my initial
prototype. Biggest difference is I check every table listed under
/proc/net/mumble :) I'm still trying to decipher what the parsing code
in libiptc is doing to see how much work it would be for me to create
braindead rule counting code.
I could, I suppose, just drop back and not worry about counting rules per
se, but just arrive at a rules vs. no rules decision somehow.
rick jones