NetFilter

need help with libiptc

To: netfilter@lists.netfilter.org
Subject: need help with libiptc
From: "Hal Moroff" <halm90@gmail.com>
Date: Wed, 21 Feb 2007 12:00:27 -0800
I'm writing an application that needs to dynamically add & remove iptables
rules at runtime.  I'm trying to use libiptc and finding it quite hard
to fathom.  I can create/destroy chains, but there's no real documentation
on iptc_insert_entry.

I find it hard to believe that this isn't more commonly done.  Aren't there any
other apps out there that do this?

About the only doc I can find on libiptc is Leonardo Balliache's "Querying
libiptc HOWTO".  It's good, but far from complete.  In particular he says
little/nothing on how to construct the ipt_entry struct that you must pass to
iptc_insert_entry.  He extracts the structure definition from the header
file, but there's much more to it than that.

Looking at the iptables.c source I can see that in order to insert an entry
the ipt_entry struct must contain a list of current targets, but I can't find
how to create that list.

Can anybody offer any help at all on dynamically adding rules to iptables
by calls into libiptc?  If there's a better / simpler way to do this I'm open to
that as well.
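
The rule layout the message asks about, as an added example that is not part of the original post or of the iptables source: a rule handed to iptc_insert_entry is one contiguous buffer holding the ipt_entry header followed by a single target, with target_offset and next_offset describing where each part ends. The helper name build_rule is hypothetical, the rule has no match extensions, and the libiptc calls appear only as a comment so the block compiles with the kernel headers alone.

```c
#include <netinet/in.h>   /* include before the linux/ headers to avoid type clashes */
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/* Hypothetical helper: "packets from src/mask go to <verdict>".
 * verdict is a built-in target name such as "ACCEPT" or "DROP".
 * Returns a calloc'd buffer (caller frees) or NULL on bad input. */
struct ipt_entry *build_rule(const char *src, const char *mask,
                             const char *verdict)
{
    size_t entry_sz  = XT_ALIGN(sizeof(struct ipt_entry));
    size_t target_sz = XT_ALIGN(sizeof(struct xt_standard_target));
    struct xt_standard_target *t;
    struct ipt_entry *e;

    if (!src || !mask || !verdict)
        return NULL;
    e = calloc(1, entry_sz + target_sz);
    if (!e)
        return NULL;
    /* With no matches, the target sits directly after the header. */
    t = (struct xt_standard_target *)((char *)e + entry_sz);

    if (strlen(verdict) >= sizeof(t->target.u.user.name) ||
        inet_pton(AF_INET, src, &e->ip.src) != 1 ||
        inet_pton(AF_INET, mask, &e->ip.smsk) != 1) {
        free(e);
        return NULL;
    }
    e->target_offset = (unsigned short)entry_sz;               /* header + matches */
    e->next_offset   = (unsigned short)(entry_sz + target_sz); /* whole rule */

    /* libiptc resolves the standard target name to a verdict on insert. */
    t->target.u.user.target_size = (unsigned short)target_sz;
    strcpy(t->target.u.user.name, verdict);
    return e;
}

/* Handing the buffer to libiptc (sketch only; current releases pass a
 * struct xtc_handle *, older ones pass a pointer to an iptc_handle_t):
 *   h = iptc_init("filter");
 *   iptc_insert_entry("INPUT", e, 0, h);    rule number 0 = top of chain
 *   iptc_commit(h);
 */
```

Each match extension would add an aligned ipt_entry_match between the header and the target, and both offsets grow by its size.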

