> 2002-05-17 16:18:38-0500, Glover George <[EMAIL PROTECTED]> ->
> > I've asked this question before, but never received any response, so
> > forgive me for asking again.
> > I was just looking through some things, and what I want to do has an
> > option to do it in iptables 1.2.4,
> > And that option is the -C or --check.  I want to be able to verify if a
> > given packet will make it through a chain.
> >
> > But when I run it with 1.2.4, it tells me this feature will be
> > implemented real soon.  Has this been done in 1.2.6a?
> >
> > And if so, or when so, might I make a request to add how far down the
> > chain we'd like to test?  I'd like to know if say, it will pass the
> > first 3 rules of a chain, or the first 5, so you can use that to tell
> > where to insert a new rule to make sure it isn't affected by any other
> > rules, but doesn't supersede any intents.
> > 
> > Thanks a lot.
> > 
> 
> This feature will never be implemented. It's impossible to
> create test-data for each and every module. The -C syntax
> help has been removed in the latest CVS.

True, but I'm talking about only the INPUT, FORWARD, and OUTPUT chains.
Why would you need test data?  There should be a way to actually insert
a packet into the real chains and see if it comes out (some sort of hook
to see if it's a test packet or something).  

It seems to me that there could be widespread use of a way to more
automate the firewalling rules.  Right now, it takes manual entry, and
most people are probably coming up with the best rules they know and
leaving them static for long periods of time.  Wouldn't it behove us to
have more interoperability with the sub-system?  Things like testing a
packet against a chain really seems to me like a very useful thing,
maybe not an easy thing, but nevertheless a useful and achievable thing.

But then you guys are the experts.  Haha.  I'm just hopeful.


Thanks a lot.

Glover George
Systems/Networks Admin
Gulf Sales & Supply, Inc.
(228) 762-0268
[EMAIL PROTECTED]
http://www.gulfsales.com
 

