problem is that sometimes the rule list can be a very long table and I'm using it in conjunction with MRTG to graph the byte values. So you can imagine how slowly MRTG completes and how much CPU is used by continuous grepping.
At the moment I've written scripts in PHP to do what I need and it works, but netfilter should be able to redo their source and imitate the "-D INPUT" (example) routine for the "-L INPUT" command so that instead of deleting the rule it (-L)ists it... can't be that hard.. though I'm not a C coder..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

-----Original Message-----
From: Jack Bowling

I would just try the tried and true grep:

iptables -L TABLE -n -v | grep -- "-d x.x.x.x --dport x -i ethx"

jb
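
An added example, not part of the thread or of netfilter: one pass over a counter dump that returns the packet and byte counters of a single rule, matched on its parsed options rather than by grepping text, and formats the four lines an MRTG external target script prints. It assumes the dump is in the `[packets:bytes] -A CHAIN ...` format written by `iptables-save -c`; the sample dump, the function names and the target name are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the format written by `iptables-save -c`.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
[1520:981234] -A INPUT -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
[87:5220] -A INPUT -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
[44:9000] -A FORWARD -d 192.0.2.10/32 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")

def options(spec):
    """Turn '-d 1.2.3.4/32 --dport 80' into {'-d': '1.2.3.4/32', '--dport': '80'}."""
    tokens = shlex.split(spec)
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1])
            if t.startswith("-") and not tokens[i + 1].startswith("-")}

def rule_counters(dump, chain, want):
    """Return (packets, bytes) of the first rule in `chain` carrying every option in `want`."""
    wanted = options(want)
    for line in dump.splitlines():
        m = RULE.match(line)
        if not m or m.group(3) != chain:
            continue  # table headers, chain policies, COMMIT, other chains
        have = options(m.group(4))
        if all(have.get(k) == v for k, v in wanted.items()):
            return int(m.group(1)), int(m.group(2))
    return None

def mrtg_lines(dump, chain, want, name):
    """Four lines for an MRTG external target: value, value, uptime, target name."""
    hit = rule_counters(dump, chain, want)
    nbytes = hit[1] if hit else 0
    return [str(nbytes), str(nbytes), "", name]

if __name__ == "__main__":
    # On a live host the dump would be the output of `iptables-save -c` (needs root).
    print("\n".join(mrtg_lines(SAMPLE, "INPUT", "-d 192.0.2.10/32 --dport 80 -i eth0", "web-in")))
```

Because the match is on option/value pairs, the order in which the options are written does not matter, and one dump can serve every MRTG target in the same polling run.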
