
List:       netfilter
Subject:    Re: iptables to add same rule
From:       Sudarshan Soma <sudarshan12s () gmail ! com>
Date:       2009-05-21 14:22:14
Message-ID: de72ca4e0905210710s662b2034sb30e624c0e1a5d6a () mail ! gmail ! com

Thanks so much, Jozsef. I have implemented it in the wrong way. I will look
into your option.

Thanks
Pavan

On Wed, May 20, 2009 at 12:42 AM, Jozsef Kadlecsik
<kadlec@blackhole.kfki.hu> wrote:
> On Tue, 19 May 2009, Sudarshan Soma wrote:
>
>> I am trying to present a WUI for iptables with simple functionality such
>> as add/delete rule. When adding a rule, can I avoid adding the same rule
>> again?
>> Suppose the user tries to block ftp from outside. I will add an
>> iptables rule as below:
>> iptables -A INPUT -p tcp --dport 21 -j DROP
>>
>> If the user tries to add the same rule again, can I somehow determine
>> through iptables if the rule is already added?
>
> IMHO this is just a wrong approach.
>
> You have to get (list) all the rules from the kernel anyway to present the
> user with the exact ruleset. So why don't you simply generate the new
> tables in iptables-restore format after the user added/deleted whatever
> rules, and push it back to the kernel in one step?
>
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>          H-1525 Budapest 114, POB. 49, Hungary
>
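
A sketch of the approach Jozsef describes above, as an added example that is not part of the original thread: the ruleset is edited as text in iptables-save format, so adding a rule that is already present changes nothing, and the result is pushed back in one step. The function names `sample_ruleset`, `add_rule_once` and `delete_rule` are hypothetical, and the rule text is assumed to be written the way iptables-save prints it (for example with `-m tcp`).

```shell
# Constructed sample of iptables-save output (not taken from a real host).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# add_rule_once TABLE RULE: filter from stdin to stdout. Appends RULE to
# TABLE just before its COMMIT line unless an identical line is already there.
# Values are passed through the environment so awk does not expand backslashes.
add_rule_once() {
    TABLE="$1" RULE="$2" awk '
        /^\*/ { in_table = ($0 == ("*" ENVIRON["TABLE"])); found = 0 }
        in_table && $0 == ENVIRON["RULE"] { found = 1 }
        in_table && $0 == "COMMIT" {
            if (!found) print ENVIRON["RULE"]
            in_table = 0
        }
        { print }
    '
}

# delete_rule TABLE RULE: drops every line in TABLE that is identical to RULE.
delete_rule() {
    TABLE="$1" RULE="$2" awk '
        /^\*/ { in_table = ($0 == ("*" ENVIRON["TABLE"])) }
        in_table && $0 == ENVIRON["RULE"] { next }
        $0 == "COMMIT" { in_table = 0 }
        { print }
    '
}

# On a live host (as root) the edited ruleset is loaded in one step:
#   iptables-save | add_rule_once filter \
#       '-A INPUT -p tcp -m tcp --dport 21 -j DROP' | iptables-restore
```

Running the edited output through `iptables-restore --test` first parses the ruleset without committing it.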