On Tuesday 2011-03-08 22:42, Stefan Tomanek wrote: >It is often useful to check whether a specific rule is already present >in a chain without actually modifying the iptables config. > >Services like fail2ban usually employ techniques like grepping through >the output of "iptables -L" which is quite error prone. > >This patch adds a new operation -C to the iptables command which mostly >works like -D; it can detect and indicate the existence of the specified >rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses >the same code as the -D operation, whose functions got a dry-run >parameter appended. I picked this up, sorted -C in and ironed out a few style issues. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html