Thanks for the tip Jinsuk. That will save me some time messing around with things. It'll be unfortunately crude (especially in a script that is to be run every minute), but it'll have to do.

Maybe queries/lookups are something for the future development of iptables? It may not seem like something useful right now, but I bet once people had the option, they'd wonder how they lived without it. (or as an old friend said, "it's kind of like a lobotomy: once you've had one *you don't know how you ever lived without it*")

Jonathan

----- Original Message -----
From: "J Kim" <jindor@xxxxxxxxx>
To: "Jonathan" <jonathan@xxxxxxxxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, October 05, 2004 9:38 PM
Subject: Re: ways to lookup or query rules?

> Well, as far as I know there's no facility for lookup or query. I would take
> the same approach as you do. One slight improvement is to use iptables-save
> instead of -l option. The output of the former command looks better in that its
> format is much closer to what you key in.
>
> Personally I put another layer between my code and iptables so that all the
> iptables-related commands will go through it, letting it take care of the
> chores.
>
> Jinsuk Kim
>
> --- Jonathan <jonathan@xxxxxxxxxxxxxxxxx> wrote:
>
> > Hi, if this is a classic case of RTFM go ahead and shoot me.
> >
> > Is there an option or a command to look up rules in your iptables,
> > especially if there's the ability to search by rulenumber or some
> > kind of key?
> >
> > The only solution I've seen so far, is to use the -l option, capture the
> > output, and then process it, but that's a very dirty solution.
> > I'm writing a script that needs to update the iptables automatically, and I
> > assume it needs to know whether to use the add or update
> > option by verifying whether a rule exists, in order to decide whether to
> > update the rule, or add a new one.
> >
> > Jonathan
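
An added example, not part of the original messages: a Python version of the wrapper-layer approach discussed in the thread, which parses `iptables-save` output and decides whether a rule has to be appended, replaced, or left alone. The sample ruleset, the function names and the convention of identifying a rule by a `key` token sequence are assumptions made for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE_SAVE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Map (table, chain) to its rules, each a token list, in rule-number order."""
    rules, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain declaration with policy
            rules.setdefault((table, line[1:].split()[0]), [])
        elif line.startswith("-A "):        # one rule, in the form it was typed
            tokens = shlex.split(line)
            rules.setdefault((table, tokens[1]), []).append(tokens[2:])
    return rules

def _contains(spec, key):
    """True if the token list `key` occurs contiguously inside `spec`."""
    return any(spec[i:i + len(key)] == key for i in range(len(spec) - len(key) + 1))

def plan(rules, table, chain, key, wanted):
    """Return the iptables argv that brings the chain to `wanted`, or None.

    `key` (hypothetical convention) is the part of the rule that identifies it.
    `wanted` must be written the way iptables-save prints it (/32, -m tcp, ...).
    """
    key, wanted = shlex.split(key), shlex.split(wanted)
    chain_rules = rules.get((table, chain), [])
    if wanted in chain_rules:               # already present: nothing to do
        return None
    for num, spec in enumerate(chain_rules, start=1):
        if _contains(spec, key):            # same rule, different content: replace
            return ["iptables", "-t", table, "-R", chain, str(num)] + wanted
    return ["iptables", "-t", table, "-A", chain] + wanted   # not found: append
```

The result is an argument list, so it can be handed to `subprocess.run` without a shell and without any quoting of values that come from outside the script.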