I'm writing an application that needs to dynamically add & remove iptables rules at runtime. I'm trying to use libiptc and finding it quite hard to fathom. I can create/destroy chains, but there's no real documentation on iptc_insert_entry. I find it hard to believe that this isn't more commonly done. Aren't there any other apps out there that do this?

About the only doc I can find on libiptc is Leonardo Balliache's "Querying libiptc HOWTO". It's good, but far from complete. In particular he says little/nothing on how to construct the ipt_entry struct that you must pass to iptc_insert_entry. He extracts the structure definition from the header file, but there's much more to it than that. Looking at the iptables.c source I can see that in order to insert an entry the ipt_entry struct must contain a list of current targets, but I can't find how to create that list.

Can anybody offer any help at all on dynamically adding rules to iptables by calls into libiptc? If there's a better / simpler way to do this I'm open to that as well.
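
An added example, not part of the original post and not code from iptables or libiptc: the buffer handed to iptc_insert_entry is one contiguous allocation holding the ipt_entry header, then any matches, then a single target, tied together by target_offset and next_offset. The helper name `build_entry` and the sample address are assumptions for illustration; the structs and `XT_ALIGN` come from the kernel's `<linux/netfilter_ipv4/ip_tables.h>` header, and the rule carries no match extensions.

```c
#include <stdlib.h>
#include <string.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/* Hypothetical helper: build "-s src/mask -p tcp -j <verdict>".
 * src and mask are in network byte order; verdict is a built-in
 * target name such as "ACCEPT" or "DROP".
 * Returns a calloc'd buffer the caller frees, or NULL on error. */
struct ipt_entry *build_entry(__u32 src, __u32 mask, const char *verdict)
{
    /* Layout: [ipt_entry][matches: none here][xt_standard_target] */
    size_t entry_sz  = XT_ALIGN(sizeof(struct ipt_entry));
    size_t target_sz = XT_ALIGN(sizeof(struct xt_standard_target));
    struct ipt_entry *e;
    struct xt_entry_target *t;

    /* Reject names that would overflow the fixed-size name field. */
    if (strlen(verdict) >= XT_EXTENSION_MAXNAMELEN)
        return NULL;
    e = calloc(1, entry_sz + target_sz);
    if (e == NULL)
        return NULL;

    e->ip.src.s_addr  = src;
    e->ip.smsk.s_addr = mask;
    e->ip.proto       = 6;                      /* TCP */
    e->target_offset  = entry_sz;               /* matches would sit before this */
    e->next_offset    = entry_sz + target_sz;   /* total size of the rule */

    /* The target record starts at target_offset bytes into the buffer. */
    t = (struct xt_entry_target *)((char *)e + e->target_offset);
    t->u.user.target_size = target_sz;
    strcpy(t->u.user.name, verdict);            /* length checked above */
    return e;
}

int main(void)
{
    /* Constructed sample: 192.0.2.0/24, written out in network byte order. */
    __u32 src, mask;
    struct ipt_entry *e;
    int failed;

    memcpy(&src,  "\xc0\x00\x02\x00", 4);
    memcpy(&mask, "\xff\xff\xff\x00", 4);
    e = build_entry(src, mask, "DROP");
    failed = (e == NULL);
    /* With libiptc linked in, e would be passed to iptc_insert_entry()
     * and the change applied with iptc_commit(). */
    free(e);
    return failed;
}
```

Each match extension added to the rule would be placed between the header and the target, growing both target_offset and next_offset by its aligned size.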