2008/8/19 Hinko Kocevar <hinko.kocevar@xxxxxxxxxxxx>:
> Hi,
>
> Is there a way to tell if iptables (firewall) is active from some
> /proc or /sys file? Or with iptables utility?
>
> It is safe to assume if no rules are present in any of the chains
> that firewall is inactive/disabled?

I agree with other posters that checking whether the iptables module is loaded or not is the best way to check.

Mind you, iptables -L only checks the "filter" chain. You also need to iterate over the "nat" and "mangle" tables too to make sure no rules are defined there.

The word "active" has a double meaning IMHO. iptables, as far as the hook mechanism is concerned, is always active, i.e. the function pointer is checked... if it's not null then something must be done inside the iptables code flow. The real point here is whether the iptables hook is calling the filtering/nat/mangling function or not.

regards,

Mulyadi.
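An added example, not part of the original message: a shell sketch that reads `iptables-save` output (which dumps every loaded table, not only "filter") and counts rules per table, so a rule in "nat" or "mangle" is not missed. It goes one step beyond the message by also counting built-in chain policies other than ACCEPT, since a DROP policy filters traffic with zero rules present; the function names and sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize iptables-save output per table.
# Live use (needs root): iptables-save | summarize_ruleset

# Print "<table> rules=<n> nonaccept_policies=<n>" for every table on stdin.
summarize_ruleset() {
    awk '
        /^\*/  { t = substr($0, 2); order[++n] = t; rules[t] = 0; pol[t] = 0; next }
        # ":CHAIN POLICY [pkts:bytes]"; user-defined chains carry "-" as policy
        /^:/   { if ($2 != "ACCEPT" && $2 != "-") pol[t]++; next }
        /^-A / { rules[t]++; next }
        END    { for (i = 1; i <= n; i++) printf "%s rules=%d nonaccept_policies=%d\n",
                     order[i], rules[order[i]], pol[order[i]] }
    '
}

# Exit 0 if any table holds a rule or a built-in chain policy other than ACCEPT.
ruleset_is_active() {
    summarize_ruleset | awk '
        { split($2, r, "="); split($3, p, "=")
          if (r[2] > 0 || p[2] > 0) found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: "filter" is empty, so iptables -L shows nothing, but "nat" has a rule.
sample_nat_only() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: no rules anywhere, yet INPUT drops everything by policy.
sample_drop_policy() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}
```

A table that does not appear in the output at all has not been loaded into the kernel, which is the module-level check the message recommends.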