There are a few things that could help to make this faster for you. One, start with an iptables -vnL TABLE > temp.file, then grep the file. Second, which you may very well already be doing, make sure you're using grep -F, or that you are escaping every special character. Otherwise, all the '.'s that make up IP addresses create a much more complex regex than you probably want. Alternatively, if you've got a fairly stable table, use the --line-numbers option and then grep for "^$LINE_NUMBER ", which should be a fairly fast search.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of George Vieira
> Sent: Monday, July 01, 2002 2:20 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: iptables -L TABLE -n -v -d x.x.x.x --dport x -i ethx
>
> problem is that sometimes the rule list can be a very long table and I'm
> using it in conjunction with MRTG to graph the byte values. So you can
> imagine how slow MRTG completes and how much CPU is used by continuous
> grepping can be..
>
> At the moment I've written scripts in PHP to do what I need and works but
> netfilter should be able to redo their source and imitate the "-D INPUT"
> (example) routine to the "-L INPUT" command and instead of deleting the rule
> it (-L)ists it... can't be that hard.. though I'm not a C coder..
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
>
> -----Original Message-----
> From: Jack Bowling
>
> I would just try the tried and true grep:
>
> iptables -L TABLE -n -v | grep "-d x.x.x.x --dport x -i ethx"
>
> jb
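
Added example (not part of the original messages): the dump-once approach from the reply above, showing how an unescaped address pattern, grep -F, a whole-field comparison and a rule-number lookup differ on the same saved listing. The sample listing, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -vnL INPUT --line-numbers` output, saved once
# per polling run instead of running iptables for every graphed rule.
# (Adding -x makes iptables print exact byte counts instead of K/M suffixes.)
DUMP=$(mktemp)
trap 'rm -f "$DUMP"' EXIT
cat > "$DUMP" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9600 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.1.2.3             tcp dpt:80
2       15  1200 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.112.3.7           tcp dpt:80
3        4   320 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.1.2.30            tcp dpt:80
EOF
# Columns with --line-numbers: num pkts bytes target prot opt in out src dst ...

# Unescaped pattern: every '.' matches any character, so 10.112.3.7 also hits.
count_regex() { grep -c -- "$2" "$1"; }

# Fixed string: no regex metacharacters, but still a substring (10.1.2.30 hits).
count_fixed() { grep -cF -- "$2" "$1"; }

# Exact lookup: compare whole fields (in-interface, destination, dpt:PORT)
# and print the byte counter of the first matching rule.
bytes_for() {  # usage: bytes_for FILE IFACE DEST DPORT
    awk -v i="$2" -v d="$3" -v p="dpt:$4" '
        $7 == i && $10 == d {
            for (f = 11; f <= NF; f++) if ($f == p) { print $3; exit }
        }' "$1"
}

# Stable table: look the rule up by its number in the first column.
bytes_at_line() { awk -v n="$2" '$1 == n { print $3; exit }' "$1"; }

echo "regex hits:  $(count_regex "$DUMP" 10.1.2.3)"
echo "fixed hits:  $(count_fixed "$DUMP" 10.1.2.3)"
echo "exact bytes: $(bytes_for "$DUMP" eth0 10.1.2.3 80)"
echo "rule 2:      $(bytes_at_line "$DUMP" 2)"
```

For MRTG, the same saved file can serve every graphed rule in one polling cycle, so the chain is listed once no matter how many counters are read.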
