Thanks so much Jozsef. I have implemented it in the wrong way. I will look into your option.

Thanks
Pavan

On Wed, May 20, 2009 at 12:42 AM, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> On Tue, 19 May 2009, Sudarshan Soma wrote:
>
>> I am trying to present a WUI for iptables with simple functionality such
>> as add/delete rule. For adding a rule, can I avoid adding the same rule
>> again?
>> Suppose the user tries to block ftp from outside. I will add an
>> iptables rule as below:
>> iptables -A INPUT -p tcp --dport 21 -j DROP
>>
>> If the user tries to add the same rule again, can I somehow determine
>> through iptables if the rule is already added?
>
> IMHO this is just a wrong approach.
>
> You have to get (list) all the rules from the kernel anyway to present the
> user with the exact ruleset. So why don't you simply generate the new
> tables in iptables-restore format after the user added/deleted whatever
> rules, and push it back to the kernel in one step?
>
> Best regards,
> Jozsef
> -
> E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary
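The approach Jozsef describes, as an added example that is not code from the thread or from any WUI: the filter table is loaded from `iptables-save` output into a data structure, "add rule" is made idempotent by comparing canonical rule lines, and the whole table is re-rendered in iptables-restore format so it can be pushed to the kernel in one step. The `FilterTable` class, `SAMPLE_SAVE` and `push_to_kernel` are assumptions of this example.

```python
import subprocess
from dataclasses import dataclass, field

# Constructed sample of `iptables-save` output (not from the thread).
SAMPLE_SAVE = """*filter
:INPUT ACCEPT [10:200]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""

@dataclass
class FilterTable:
    policies: dict = field(default_factory=dict)  # chain -> default policy
    rules: list = field(default_factory=list)     # "-A CHAIN ..." lines, in order

    @classmethod
    def parse(cls, save_text: str) -> "FilterTable":
        """Load the *filter section of iptables-save output; other tables are skipped."""
        table, current = cls(), None
        for line in save_text.splitlines():
            line = " ".join(line.split())  # canonical whitespace
            if not line or line.startswith("#"):
                continue
            if line.startswith("*"):
                current = line[1:]
            elif current == "filter" and line.startswith(":"):
                chain, policy, _counters = line[1:].split(" ", 2)
                table.policies[chain] = policy
            elif current == "filter" and line.startswith("-A "):
                table.rules.append(line)
        return table

    def add(self, chain: str, spec: str) -> bool:
        """Append a rule unless the identical canonical line is already present."""
        line = " ".join(f"-A {chain} {spec}".split())
        if line in self.rules:
            return False
        self.rules.append(line)
        return True

    def render(self) -> str:
        """Emit the whole table in iptables-restore format."""
        out = ["*filter"] + [f":{c} {p} [0:0]" for c, p in self.policies.items()]
        return "\n".join(out + self.rules + ["COMMIT"]) + "\n"

def push_to_kernel(table: FilterTable) -> None:
    """Replace the filter table in one step (needs root; counters are reset)."""
    subprocess.run(["iptables-restore"], input=table.render(), text=True, check=True)
```

The duplicate check is a textual one: `iptables-save` prints the thread's rule as `-A INPUT -p tcp -m tcp --dport 21 -j DROP`, so a WUI should build its candidate line in the same saved form (or reload after each push) rather than from what the user typed.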