Is there any way for a user process to query whether a hypothetical
packet would be accepted or rejected given the current rules and state?
I know the transport protocol, source and destination, in-interface etc.
I want to ask the kernel if a packet with those parameters would be
forwarded or dropped.

The specific thing I'm trying to do is to create a conntrack entry but
only if such a packet would have created it. I know how to create the
conntrack entry, the question is how to evaluate the condition first.

I'm trying to avoid having to evaluate the rules manually, which is very
complicated and likely to result in bugs. And I'm not even sure how to
get certain information to do that, like whether a packet would
currently match the conntrack RELATED state.

Is there some API to query this information? I imagine that could be
useful for debugging as well.