Hi,

I'm quite sure that I'm not the first guy asking for such a functionality, but I could not find anything on the Internet or in the netfilter mailing list.

Is there any tool or iptables extension to query the iptables rule base? What I mean is something that needs input parameters such as

- source IP address
- destination IP address
- source port
- destination port
- incoming interface
- outgoing interface
- ToS
- FWMARK
- ...

and the output is the matching rules of all tables (mangle, raw, nat and filter table).

I know that the output only shows half of the truth for traffic that needs a helper such as FTP and SIP, but it would be perfect for off-line analysis and for debugging purposes of our large environment.

Thank you for sharing your experiences!

Best regards
Stefan Keller
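A minimal sketch of the kind of off-line query described in the message above, added here as an illustration; it is not part of the original post and not a netfilter tool. It assumes `iptables-save` text with `!` written before the negated option, evaluates only address, protocol, port and interface criteria, and does not model chain traversal or jumps; the `query` function, the packet dictionary keys and the sample rules are all constructed for this example.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not taken from the post).
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -s 192.168.1.0/24 -p tcp -m tcp --dport 80:443 -j DROP
-A FORWARD -o eth1 -m state --state ESTABLISHED -j ACCEPT
COMMIT
"""

def _in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def _in_range(port, spec):  # spec is "80" or "80:443"
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

CHECKS = {  # option -> predicate(packet, value); other options stay unevaluated
    "-s": lambda p, v: _in_net(p["src"], v),
    "-d": lambda p, v: _in_net(p["dst"], v),
    "-p": lambda p, v: v in ("all", p["proto"]),
    "-i": lambda p, v: p.get("in") == v,
    "-o": lambda p, v: p.get("out") == v,
    "--sport": lambda p, v: _in_range(p["sport"], v),
    "--dport": lambda p, v: _in_range(p["dport"], v),
}

def query(ruleset, packet):
    """Yield (table, chain, rule, unevaluated options) for each matching rule."""
    table = None
    for line in ruleset.splitlines():
        table = line[1:] if line.startswith("*") else table
        if not line.startswith("-A "):
            continue
        _, chain, *args = shlex.split(line)
        args = args[: args.index("-j")] if "-j" in args else args  # drop target
        ok, skipped, negate = True, [], False
        for i, opt in enumerate(args):
            if opt in CHECKS:
                ok = ok and CHECKS[opt](packet, args[i + 1]) != negate
            elif opt.startswith("-") and opt != "-m":
                skipped.append(opt)  # e.g. --state: needs conntrack, not checked
            negate = opt == "!"
        if ok:
            yield table, chain, line, skipped
```

A hit whose last element is non-empty (for example `["--state"]`) matched on the evaluated criteria only, which is the "half of the truth" case for stateful or helper-dependent traffic.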