Hi!

There are a lot of frontends for iptables, like shorewall, ufw, ferm and special firewall distros. They all try to formalize, simplify and integrate the configuration of the Linux firewall and traffic control subsystems. They also use a certain set of metadata for their own use.

One of the disadvantages of iptables is the inability to effectively find out its internal state. There is only one way - parse the "iptables -L" output, isn't it? So there's no easy way to find out how many rules are in some table now, or whether there is a rule with the given src and dst port in such a table, for example. So for these purposes the frontend should keep the internal state of iptables in some way, instead of simply requesting this information from iptables.

There is no doubt that frontends will be written for nftables too, so the question is: "Will nftables be able to find out various information about their own current state: tables, chains, rules, etc?"

Thanks.
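The output scraping described in the message, as an added example that is not part of the original post: a parser for `iptables -L -n` text that answers the two questions raised (how many rules a chain holds, and whether a rule with a given source and destination port exists). The sample listing is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `iptables -L -n` output; not captured from a real host.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  192.0.2.0/24         0.0.0.0/0            tcp spt:1024 dpt:8443
DROP       all  --  198.51.100.7         0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
"""

# Built-in chains print "(policy X)", user-defined chains "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")
# Single ports only; port ranges (printed as spts:/dpts:) are not handled.
PORT_RE = re.compile(r"\b(spt|dpt):(\d+)")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        fields = line.split(None, 5)
        # Skip blank lines and the column header. Assumes every rule has a
        # target; a rule without one leaves that column empty and shifts fields.
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue
        target, prot, _opt, src, dst = fields[:5]
        ports = {k: int(v) for k, v in PORT_RE.findall(fields[5] if len(fields) > 5 else "")}
        current["rules"].append({"target": target, "prot": prot, "src": src, "dst": dst,
                                 "spt": ports.get("spt"), "dpt": ports.get("dpt")})
    return chains

def rule_count(chains, chain):
    return len(chains[chain]["rules"])

def find_rules(chains, chain, spt=None, dpt=None):
    """Rules in `chain` matching the given ports; None means "any"."""
    return [r for r in chains[chain]["rules"]
            if (spt is None or r["spt"] == spt) and (dpt is None or r["dpt"] == dpt)]
```

The comments mark where this breaks (missing targets, port ranges), which is the fragility the message points at when a frontend has to scrape human-oriented output.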