Hello Dear IPTABLES/Netfilter Devs.
Thank you very much for your efforts.
I am a strong believer that if you don't do something yourself, it won't
be done.
With that said, I am no coder (no C coder, and not a competent one by any
stretch of the imagination).
I have come across a situation where I need to write a script. In this
script it would be nice to check if a specific port is open. I checked
iptables --help and I can't seem to find an easy way to check it.
I can do something like iptables -Ln and get a range and try to work
around that. But I think it would be better to implement a couple of the
ideas below:
1. To make a new option, similar to -L, that will verbosely show all
subnets/port ranges, so the user can grep anything that may be remotely
relevant. And yes, I understand it may take a lot of time in some cases,
but sometimes CPU time is a commodity you do have.
2. To make a new option, maybe call it -S, that will search, based on
parameters, any and all rules that match e.g. a specific port or IP or
protocol or a combination of those.
So for example, -S -p tcp -s 127.0.0.1 -d 192.168.0.1
should show any rules that match the search criteria above and the default
policy. In other words, rules likely to affect TCP/IP communication between
127.0.0.1 and 192.168.0.1.
This would give script writers an indication of whether communication from
the script or some other app to outside of the machine, or to another VM,
or some other such stuff, is possible.
It's my first suggestion to a big list like this, so hit me in the face
with soldier boots, but gently please. English is not my native tongue,
so if you need clarification of the stuff I have written above, I'd be
very happy to try to insult your intelligence with my attempts at
English again.
Kind Regards
Dmitri
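The "which rules could affect port N?" question above can already be answered from the text that iptables-save (or iptables -S) prints, without a new option. The POSIX sh below is an added example written for this page; it is not code from the mail or from the netfilter project. The rule set in SAMPLE_RULES is constructed for the example, and the function names (port_covered, rules_for_port, matching_rule_count) are hypothetical. It inspects only -p and --dport/--dports, and deliberately keeps rules that name no protocol or no port, because those can still match; addresses, interfaces, "!" negation and jumps into user-defined chains are not evaluated, so the output is an over-approximation that a script should treat as "may affect", not "will affect".

```shell
#!/bin/sh
# Added example: find the rules in a chain that could match traffic to a
# given protocol/port, using iptables-save or "iptables -S" output as input.
# Names and sample data are constructed for this example.

# Constructed iptables-save output standing in for a live host's rule set.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 8000:8100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j DROP
COMMIT'

# port_covered PORT SPEC
# SPEC is what --dport/--dports carries: "22", "8000:8100" or "80,443,8000:8100".
# Returns 0 when PORT falls inside any element of SPEC.
port_covered() {
    _port=$1
    for _item in $(printf '%s\n' "$2" | tr ',' ' '); do
        case $_item in
            *:*) _lo=${_item%%:*}; _hi=${_item##*:} ;;
            *)   _lo=$_item;       _hi=$_item ;;
        esac
        if [ "$_port" -ge "$_lo" ] && [ "$_port" -le "$_hi" ]; then
            return 0
        fi
    done
    return 1
}

# rules_for_port CHAIN PROTO PORT
# Reads iptables-save or "iptables -S" text on stdin and prints the chain's
# default policy plus every rule in CHAIN that could match PROTO traffic to
# PORT. A rule with no -p, or with no --dport/--dports, is kept because it
# can match that traffic. Only the protocol and destination port are
# inspected, so the result over-approximates (see the note above the block).
rules_for_port() {
    _chain=$1; _proto=$2; _port=$3
    while IFS= read -r _line; do
        case $_line in
            ":$_chain "*)              # iptables-save form:  :INPUT DROP [0:0]
                _rest=${_line#:$_chain }
                echo "policy $_chain ${_rest%% *}"; continue ;;
            "-P $_chain "*)            # iptables -S form:    -P INPUT DROP
                echo "policy $_chain ${_line#-P $_chain }"; continue ;;
            "-A $_chain "*) ;;         # a rule in our chain: examine it
            *) continue ;;             # other chains, table headers, COMMIT
        esac
        _rule_proto=$(printf '%s\n' "$_line" | sed -n 's/.* -p \([a-z0-9]*\).*/\1/p')
        if [ -n "$_rule_proto" ] && [ "$_rule_proto" != "$_proto" ]; then
            continue                   # rule is for a different protocol
        fi
        _spec=$(printf '%s\n' "$_line" | sed -n 's/.* --dports\{0,1\} \([0-9:,]*\).*/\1/p')
        if [ -n "$_spec" ] && ! port_covered "$_port" "$_spec"; then
            continue                   # rule names ports, and ours is not among them
        fi
        printf '%s\n' "$_line"
    done
}

# matching_rule_count CHAIN PROTO PORT
# Script-friendly summary over the constructed rule set: number of rules
# (policy line excluded) that could match.
matching_rule_count() {
    printf '%s\n' "$SAMPLE_RULES" | rules_for_port "$1" "$2" "$3" | grep -c '^-A'
}

# Demo on the constructed rule set. On a live host the equivalent is:
#   iptables-save | rules_for_port INPUT tcp 443
printf '%s\n' "$SAMPLE_RULES" | rules_for_port INPUT tcp 443
```

For TCP/443 the demo prints the INPUT policy, the two rules with no -p (loopback and conntrack), and the multiport rule; the ssh rule, the 8000:8100 range and the UDP rule are correctly dropped. Port ranges and comma lists are expanded the way iptables writes them, which is the part that makes a plain grep for the port number unreliable.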