On 08/06/2012 13:32, Stefan Keller wrote:
Hi
I'm quite sure that I'm not the first guy asking for such
functionality, but I could not find anything on the Internet
or in the netfilter mailing list.
Is there any tool or iptables extension to query the iptables
rule base? What I mean is something that needs input parameters
such as
- source IP address
- destination IP address
- source Port
- destination Port
- incoming interface
- outgoing interface
- ToS
- FWMARK
- ...
and the output is the matching rules of all tables (mangle, raw,
nat and filter table).
I know that the output only shows half of the truth for traffic that
needs a helper such as FTP and SIP, but it would be perfect for
off-line analysis and for debugging purposes in our large environment.
Thank you for sharing your experiences!
Best regards
Stefan Keller
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi,
Not sure I understand what you mean.
But you have the TRACE target, which can help you.
"This target marks packets so that the kernel will log every rule which
match the packets as those traverse the tables, chains, rules."
Hope this helps.
--
Jean-Philippe Menil - Pôle réseau Service IRTS
DSI Université de Nantes
jean-philippe.menil@xxxxxxxxxxxxxx
Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09
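Added example (not part of either message in this thread): a small POSIX shell helper that turns the TRACE suggestion above into the flow-based query Stefan asked for. It prints the raw-table TRACE rules for one flow (raw is used because the mark must be set before any other table sees the packet; PREROUTING covers inbound and forwarded packets, OUTPUT locally generated ones) and reduces the resulting kernel log lines to the "table:chain:type:rulenum" path the kernel emits after each matched rule. The addresses, port and log lines below are constructed for the example; the function names and the TRACE_* variables are my own and are not part of iptables.

```shell
#!/bin/sh
# Added example, not from the thread.  Build TRACE rules for a single flow
# and summarise the rule path from the kernel's TRACE log lines.

# Flow to trace.  These defaults are assumptions for the example.
TRACE_SRC="${TRACE_SRC:-192.0.2.10}"
TRACE_DST="${TRACE_DST:-198.51.100.20}"
TRACE_PROTO="${TRACE_PROTO:-tcp}"
TRACE_DPORT="${TRACE_DPORT:-22}"

# Print (do not execute) the iptables commands that mark exactly this flow.
# Argument: -A to add the rules, -D to remove them again.  Pipe the output
# to sh as root to apply; tracing every packet on a busy box floods the log.
trace_rule_cmds() {
    _action="$1"
    for _chain in PREROUTING OUTPUT; do
        printf 'iptables -t raw %s %s -p %s -s %s -d %s --dport %s -j TRACE\n' \
            "$_action" "$_chain" "$TRACE_PROTO" "$TRACE_SRC" "$TRACE_DST" "$TRACE_DPORT"
    done
}

# Each traced rule produces one log line of the form
#   TRACE: <table>:<chain>:<rule|return|policy>:<rulenum> IN=... OUT=... SRC=...
# Keep only the TRACE token, in traversal order; drop the packet dump.
trace_path() {
    sed -n 's/.*TRACE: \([^ ]*\).*/\1/p'
}

# The last entry is the terminating rule or chain policy that decided the
# packet's fate in the last table it reached.
trace_verdict() {
    trace_path | tail -n 1
}

# Constructed sample of what the kernel log would contain for one forwarded
# SYN of the flow above (fields abbreviated; values are made up).
SAMPLE_LOG='kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22 SYN
kernel: TRACE: mangle:PREROUTING:policy:1 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22 SYN
kernel: TRACE: nat:PREROUTING:rule:1 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22 SYN
kernel: TRACE: mangle:FORWARD:policy:1 IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22 SYN
kernel: TRACE: filter:FORWARD:rule:3 IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22 SYN'

# Demo on the constructed sample; needs no root.
trace_rule_cmds -A
printf '%s\n' "$SAMPLE_LOG" | trace_path
printf 'verdict: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | trace_verdict)"
```

With iptables-legacy the TRACE lines land in the kernel log (dmesg or syslog) and only appear if a logging backend such as nf_log_ipv4 is loaded; with iptables-nft the same information is read live with `nft monitor trace` instead. Feed the relevant lines into trace_path to get the per-table rule list, then `iptables -t <table> -L <chain> --line-numbers` to see what each numbered rule is.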