Hi,

I think to solve your problem you could work around it by using a series of awk, grep and sed commands along with iptables -vL to test if your rule is loaded; presently that is how I get my current IP etc. See man awk, man grep, man sed. For example:

EXTIP="`/sbin/ifconfig ppp0 | grep 'inet adr' | awk '{print $2}' | sed -e 's/.*$

Regards,
Tim

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-
> bounces@xxxxxxxxxxxxxxxxxxx] On behalf of `VL
> Sent: Friday 8 April 2005 09:00
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Feature request: ability to test if rule is loaded
>
> Hello all.
>
> I recently started to configure my firewall and decided to write some
> more advanced shell scripts to make loading of rules easier. My task
> was to have a config which looks like:
>
> loadrule client/ssh on/off
> loadrule server/sshd on/off
>
> and I want the ability to run a script which will go through this list
> and will load rules that are not yet loaded, and remove rules that are
> marked off, if they are loaded.
>
> client/ssh is a file that contains something like this:
>
> NAME="SSH Client"
> RULES_NUM="2"
> MY_SSH_SERVER1="xxx.xxx.xxx.xxx"
>
> RULE[0]="OUTPUT -o eth0 -p tcp...."
> RULE[1]="INPUT -i eth0 ...."
>
> When I want to add a rule, my function loadrule runs iptables -A
> RULE[0,1...]; if I want to disable a rule, I call iptables -D
> RULE[0,1...]
>
> But! How do I test if a rule was loaded? If I delete rules, I get an
> error if the rule is not loaded; if I add rules, it is just added next in
> the chain.
>
> So, it would be nice to have a new iptables option, I think -T, which
> will act like -D with one exception: it will not delete the rule, just
> return true if the rule exists in the chain, and false otherwise.
>
> It seems to me that it is very easy to add, and that it will be
> useful for system administrators.
>
> For example, if we can't turn off the firewall on a critical server, the
> administrator has to manually review the list of rules and delete some
> he decided to remove for some reason. With my approach he just changes
> 1 line in a readable config to off, and asks the script to reload the config.
>
> What do you think?
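Worked example added here, not code from Tim or VL: a small sh script that implements the loadrule on/off idea with an explicit "is this rule loaded?" check, so that a reload is idempotent and -D is never run against a rule that is not there. Current iptables ships the option VL asked for, -C/--check, which exits 0 when a matching rule exists and 1 when it does not; where -C is unavailable the script falls back to matching the rule text against the iptables -S listing, which is Tim's parse-the-listing approach in one grep. The stub_iptables function and its two-rule listing are constructed so the script can be run without a firewall; the function names rule_loaded, plan_rule and apply_rule are my own.

```shell
#!/bin/sh
# Added example, not code from the netfilter thread. IPTABLES is overridable
# so the logic can be exercised against a stub instead of a real firewall.
IPTABLES="${IPTABLES:-iptables}"

# rule_loaded CHAIN RULE...   ->  exit 0 if the rule is present, 1 if absent.
# Prefer -C/--check (exit 0 = match, 1 = no match). Any other status is taken
# to mean -C is not understood, e.g. an old binary, and we fall back to an
# exact whole-line match against `iptables -S CHAIN`, which prints rules in
# the same "-A CHAIN args" form they were added in.
rule_loaded() {
    chain=$1; shift
    rc=0
    "$IPTABLES" -C "$chain" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) return 1 ;;
    esac
    "$IPTABLES" -S "$chain" 2>/dev/null | grep -Fxq -- "-A $chain $*"
}

# plan_rule CHAIN on|off RULE...  ->  prints the action a reload must take:
#   add   rule wanted (on) but not loaded
#   del   rule unwanted (off) but loaded
#   noop  already in the desired state
plan_rule() {
    chain=$1; state=$2; shift 2
    if rule_loaded "$chain" "$@"; then loaded=1; else loaded=0; fi
    case "$state:$loaded" in
        on:0)  echo add ;;
        off:1) echo del ;;
        *)     echo noop ;;
    esac
}

# apply_rule CHAIN on|off RULE...  ->  runs -A or -D only when plan_rule says
# so; this is what loadrule would call for each RULE[i] in VL's config files.
apply_rule() {
    chain=$1; state=$2; shift 2
    case $(plan_rule "$chain" "$state" "$@") in
        add) "$IPTABLES" -A "$chain" "$@" ;;
        del) "$IPTABLES" -D "$chain" "$@" ;;
        *)   : ;;
    esac
}

# Constructed stub standing in for an iptables that lacks -C: -S prints a
# fixed two-rule listing, -C fails with a usage error (exit 2), -A/-D succeed
# silently. Nothing here touches the kernel.
stub_iptables() {
    case "$1 $2" in
        "-S INPUT")  echo "-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT" ;;
        "-S OUTPUT") echo "-A OUTPUT -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT" ;;
        "-S "*)      echo "iptables: No chain/target/match by that name." >&2; return 1 ;;
        "-C "*)      return 2 ;;
        *)           return 0 ;;
    esac
}

# Stand-alone dry run against the stub. Remove the next line (and the stub
# above) to drive the real binary as root.
IPTABLES=stub_iptables
for state in on off; do
    printf 'ssh client rule, wanted %s: %s\n' "$state" \
        "$(plan_rule OUTPUT "$state" -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT)"
done
```

The textual fallback only works when the rule in the config file is written exactly as iptables prints it (note the "-m tcp" that iptables inserts before "--dport 22" in the listing above), which is the weak point of every grep/awk/sed approach to this problem and the reason to use -C wherever the installed iptables supports it.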