Grant,
I think it would be FAR more practical to do an "iptables -t filter -L -n -v --line-numbers", "iptables -t nat -L -n -v --line-numbers", "iptables -t mangle -L -n -v --line-numbers" and parse the output looking for all lines that match POLICY001. I think this would be an excellent shell or Perl script.
Thanks for the suggestion. I think it is a very good one.
I had not heard of the "-m comment" option before and it's not in my revision of Oskar Andreasson's Iptables Tutorial (guess I need to refresh my docs).
I am additionally hampered (protected?) by a dictum that scripting is not allowed in my little world, so, in the end, I would have to do what you describe programmatically (i.e. in a C or C++ program). However, I'm certainly not averse to prototyping the functionality in a shell or Perl script. I do that sometimes anyway when I want a quick turnaround as I iterate through changes to the logic.
I'll try playing around with that. When I have something I'll send it to you, or is there some sort of common repository where netfilter/iptables denizens share stuff like this?
Thanks for your help and advice,
- Andrew
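A shell prototype of the listing-and-parsing approach Grant describes above, added here as an example and not code from the thread. The iptables output it parses is a constructed sample, and the IPTABLES variable and the function names are the example's own; a live run needs root and the iptables binary.

```shell
#!/bin/sh
# Added example (not from the thread): list each table with --line-numbers and
# report every rule whose "-m comment" text is exactly the requested tag.
set -e

# Reads "iptables -t <table> -L -n -v --line-numbers" output on stdin and prints
# "<table> <chain> <rule-number> <pkts> <bytes> <target>" for each tagged rule.
# The match is literal (index), so tags containing regex metacharacters are safe.
match_tag() {
    awk -v table="$1" -v tag="$2" '
        /^Chain / { chain = $2; next }                 # remember the current chain
        index($0, "/* " tag " */") > 0 { print table, chain, $1, $2, $3, $4 }
    '
}

# Runs the three listings from the suggestion against the live ruleset (needs root).
# IPTABLES (assumed variable) can be overridden, e.g. IPTABLES=ip6tables.
audit_tag() {
    tag="$1"
    for table in filter nat mangle; do
        "${IPTABLES:-iptables}" -t "$table" -L -n -v --line-numbers | match_tag "$table" "$tag"
    done
}

# Constructed sample of "iptables -t filter -L -n -v --line-numbers" output,
# so the parser can be exercised offline without touching a real firewall.
SAMPLE_FILTER='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       42  3360 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.0.0.5             tcp dpt:22 /* POLICY001 */
2        0     0 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0            /* POLICY002 */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        7   560 ACCEPT     udp  --  eth1   eth0    0.0.0.0/0            10.0.0.53            udp dpt:53 /* POLICY001 */
2        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* POLICY0011 */'

# Offline demonstration: only the two POLICY001 rules are reported; POLICY002 and
# the look-alike tag POLICY0011 are excluded because the comment must match exactly.
sample_report() {
    printf '%s\n' "$SAMPLE_FILTER" | match_tag filter POLICY001
}

sample_report
if [ "$#" -ge 1 ]; then audit_tag "$1"; fi   # e.g. ./audit.sh POLICY001 as root
```

The reported counters (pkts/bytes) make it easy to spot tagged rules that never match traffic, which is usually a sign the policy is shadowed by an earlier rule.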