2002-05-20 01:19:49+0200, Thomas Graf <[EMAIL PROTECTED]> ->
> hi
> 
> * [EMAIL PROTECTED] wrote:
> > I am doing a project which uses libiptc.
> > It involves inserting and deleting iptables rules
> > based on clients' requests. This necessitates the need
> > for keeping track of the rulenumber of all the
> > rules inserted.
> > I have gone through the code of iptables and libiptc.
> > I could not find any routine that can be used to get
> > the rulenumber of an iptables rule.
> 
> I have the same problem: the 'rule number' is a number generated
> when printing the rules to the screen, and therefore not reliable.
> 
> > WHAT I WANT TO KNOW:
> > 
> > 1) Given a rule, is there any way to get the
> > rulenumber, something like a search routine
> > 2) If there is no search routine, can we get the
> > rulenumber when a rule is inserted by sending an
> > argument or the like
> 
> I asked the same question a few weeks ago and got no answer; all
> I found is the code that iptables -D uses, but that is very time
> consuming.
> There is some piece of code that iptables -D uses to search for a
> rule based on its parameters.
> 
> My idea is to add a uuid to each rule, but I never got feedback
> on that idea, so I froze the project.
> 
> -- 
> Thomas Graf

We said it before and we say it again. libiptc was never intended to be used
by anything else but iptables.c itself. It's not an "open" API to be used by
any C program. It might be and will be changed without any notice, possibly
making your C program not work anymore.

Use scripts to parse the output of iptables or iptables-save. Use another
script to insert new rules with iptables or iptables-restore.

For the next generation of netfilter we might consider making this lib a real
library to be used by any program.

-- 
/Joakim Axelsson A.K.A Gozem@EFnet & OPN
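
The script approach suggested in the reply above, as an added example that is not part of the original thread: it parses `iptables-save` output, finds rules carrying a per-client tag, and computes their current rule numbers. It assumes the rules were inserted with the `comment` match (`-m comment --comment <tag>`); the function names, the tag `client-7f3a` and the sample ruleset are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE_SAVE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -m comment --comment "client-7f3a" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 53 -m comment --comment "client-7f3a" -j ACCEPT
-A FORWARD -s 192.0.2.10/32 -m comment --comment "client-7f3a" -j ACCEPT
COMMIT
"""

def index_rules(save_text):
    """Return {(table, chain): [rule_spec_tokens, ...]} in ruleset order."""
    rules, table = {}, None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("["):            # `iptables-save -c` counter prefix
            line = line.split("] ", 1)[-1]
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain declaration
            rules.setdefault((table, line[1:].split()[0]), [])
        elif line.startswith("-A "):        # one rule, appended in order
            tokens = shlex.split(line)      # handles quoted comments
            rules.setdefault((table, tokens[1]), []).append(tokens[2:])
    return rules

def find_by_comment(save_text, tag):
    """Return [(table, chain, rule_number)] for rules whose --comment is tag."""
    hits = []
    for (table, chain), specs in index_rules(save_text).items():
        for num, spec in enumerate(specs, start=1):   # rule numbers are 1-based
            if any(a == "--comment" and b == tag for a, b in zip(spec, spec[1:])):
                hits.append((table, chain, num))
    return hits

def delete_commands(save_text, tag):
    """Build `iptables -D` argv lists, highest rule number first per chain,
    so that deleting one rule does not renumber the ones still to delete."""
    hits = sorted(find_by_comment(save_text, tag), key=lambda h: (h[0], h[1], -h[2]))
    return [["iptables", "-t", t, "-D", c, str(n)] for t, c, n in hits]
```

The numbers are valid only for the snapshot they were computed from, so take the `iptables-save` snapshot immediately before acting on it and do not cache rule numbers between requests.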
