Tom Cook <tom.k.cook@xxxxxxxxx> wrote: > For a `struct ipt_entry` that I have retrieved using iptc_next_rule [..] Please don't do this, use ip(6)tables-restore instead. You can pipe input to it and you can use --noflush option for batch processing, including multiple deletes/adds/inserts etc. libiptc doesn't do some things (such as checking which revisions of a match/target are available/supported) that will 'just work' with xt-restore variants. Also, libiptc is GPL v2, so it comes with all license restrictions when linking against it.
