On 5/23/06, Sven-Haegar Koch <haegar@xxxxxxxxx> wrote:
> On Tue, 23 May 2006, Manfred Stock wrote:
> > I'm looking for a way to control an iptables-match from a c/c++-program. My goal is to
> > have a simple match-module which can be told from userspace to either return 0 or 1
> > in its match-function (this would be useful for dynamically turning on/off several more
> > complicated rules without inserting/removing them from the ip tables, i.e. without
> > using libiptc (for which I haven't found an easy way on how to use it anyways...) or
> > iptables itself).
>
> Have a look at the "condition" patch-o-matic-ng extension. Some time ago it was in the
> pom-ng subversion repository, but I don't know where it is kept now.
Thanks. That's close to what I'm looking for. Unfortunately, it does not seem to be maintained anymore - I could find the sources in netfilter's svn using google, but the last change was its import into the new trunk directory 19 months ago... At least it compiles against 2.6.8 with only one warning, and seems to work. But I would very much prefer a solution which does not rely on /proc because I don't believe in its future for this kind of stuff ;). Any ideas?

Best regards,
Manfred.
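The toggling scheme the thread discusses, as an added example that is not part of the original mails: a rule references a named condition, and userspace flips it between 0 and 1 by writing to a file under the match's proc directory instead of inserting or deleting rules. The script assumes the xtables-addons version of the condition match, which exposes /proc/net/nf_condition/<name> (the directory is overridable via CONDITION_DIR; the older ipt_condition patch used a different path). The chain name debug_log and the LOG rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: drive an iptables "condition" match from userspace.
# Assumption: the condition match from xtables-addons, whose proc files live in
# /proc/net/nf_condition/<name>; point CONDITION_DIR elsewhere when testing.
CONDITION_DIR="${CONDITION_DIR:-/proc/net/nf_condition}"

# A condition name is a plain token; refuse anything that could become a path
# component, since the name is concatenated onto a filesystem path below.
condition_valid() {
    case "$1" in
        ''|*/*|*..*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Set a condition: 1 makes rules using "-m condition --condition NAME" match,
# 0 makes them fall through. Only those two values are accepted.
condition_set() {
    name="$1"; value="$2"
    condition_valid "$name" || return 1
    [ "$value" = 0 ] || [ "$value" = 1 ] || return 1
    printf '%s\n' "$value" > "$CONDITION_DIR/$name"
}

# Print the current state (0 or 1) of a condition on stdout.
condition_get() {
    condition_valid "$1" || return 1
    tr -d '[:space:]' < "$CONDITION_DIR/$1"
}

# Install the rules once (needs root and the xt_condition module). The kernel
# creates the proc file when the first rule referencing the condition is loaded;
# it starts at 0, so the logging chain is inert until condition_set turns it on.
install_rules() {
    iptables -N debug_log
    iptables -A debug_log -j LOG --log-prefix 'cond: '
    iptables -I INPUT -m condition --condition debug_log -j debug_log
}

# Typical use on a live system:
#   install_rules
#   condition_set debug_log 1   # start logging without touching the ruleset
#   condition_set debug_log 0   # stop again
```

Because the only state change is a one-byte write to a proc file, enabling or disabling the more complicated rules is atomic from iptables' point of view and needs no libiptc; the cost is that the feature stays tied to /proc, which is exactly the dependency the reply above is unhappy about.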