On Tue, 23 May 2006, Manfred Stock wrote:
I'm looking for a way to control an iptables-match from a c/c++-program. My goal is to have a simple match-module which can be told from userspace to either return 0 or 1 in its match-function (this would be useful for dynamically turning on/off several more complicated rules without inserting/removing them from the ip tables, i.e. without using libiptc (for which I haven't found an easy way on how to use it anyways...) or iptables itself).
Have a look at the "condition" patch-o-matic-ng extension. Some time ago it was in the pom-ng subversion repository, but I don't know where it is kept now.
c'ya
sven

--
The Internet treats censorship as a routing problem, and routes around it. (John Gilmore on http://www.cygnus.com/~gnu/)