From:
http://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html#ss4.5
http://www.bani.com.br/2012/05/programmatically-managing-iptables-rules-in-c-iptc/

4.5 Is there a C/C++ API for adding/removing rules?

The answer unfortunately is: No.

Now you might think 'but what about libiptc?'. As has been pointed out
numerous times on the mailing list(s), libiptc was _NEVER_ meant to be used
as a public interface. We don't guarantee a stable interface, and it is
planned to remove it in the next incarnation of linux packet filtering.
libiptc is way too low-layer to be used reasonably anyway.

We are well aware that there is a fundamental lack for such an API, and we
are working on improving that situation. Until then, it is recommended to
either use system() or open a pipe into stdin of iptables-restore. The
latter will give you a way better performance.

On Sat, Dec 13, 2014 at 12:13 PM, Neal Murphy <neal.p.murphy@xxxxxxxxxxxx> wrote:
> On Tuesday, November 25, 2014 12:45:35 PM Vijay Viswanathan wrote:
>> ya,
>> I faced the same issue, the ipt library cannot be used directly. They
>> warned in the Readme.
>
> This doesn't really make sense; iptables itself has to use the lib directly.
> Miniupnpd and Smoothwall's ipbatch both use the lib directly.
>
> N
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
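
The FAQ text quoted above recommends opening a pipe into stdin of iptables-restore rather than linking against libiptc. The following is an added example of that approach, not code from the original message, the FAQ or the netfilter project. The function names `build_restore_input` and `pipe_to_command` and the sample rule are assumptions made for illustration; rule strings are checked so that caller-supplied text cannot add lines to the batch.

```c
#define _POSIX_C_SOURCE 200809L /* popen/pclose */
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Render the rules for one table in iptables-restore syntax into buf.
 * Returns bytes written, or -1 on a malformed rule or a too-small buffer.
 * A rule must be one "-A ..."-style line: no CR/LF, so it cannot add lines. */
int build_restore_input(char *buf, size_t len, const char *table,
                        const char *const *rules, size_t n)
{
    int used = snprintf(buf, len, "*%s\n", table);
    if (used < 0 || (size_t)used >= len)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (rules[i][0] != '-' || strpbrk(rules[i], "\r\n"))
            return -1;
        int w = snprintf(buf + used, len - used, "%s\n", rules[i]);
        if (w < 0 || (size_t)w >= len - used)
            return -1;
        used += w;
    }
    int w = snprintf(buf + used, len - used, "COMMIT\n");
    if (w < 0 || (size_t)w >= len - used)
        return -1;
    return used + w;
}

/* Write payload to the stdin of cmd; returns cmd's exit status, or -1. */
int pipe_to_command(const char *cmd, const char *payload)
{
    FILE *p = popen(cmd, "w");
    if (!p)
        return -1;
    int write_failed = (fputs(payload, p) == EOF);
    int status = pclose(p);
    if (write_failed || status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample rule; --test parses the batch without committing. */
    const char *const rules[] = { "-A INPUT -p tcp --dport 22 -j ACCEPT" };
    char buf[512];
    if (build_restore_input(buf, sizeof buf, "filter", rules, 1) < 0)
        return 1;
    return pipe_to_command("iptables-restore --noflush --test", buf);
}
```

Dropping `--test` applies the batch, which requires root; `--noflush` keeps the existing contents of the table instead of replacing them.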