path: root/
diff options
authorStefan Tomanek <>2011-03-08 22:42:51 +0100
committerJan Engelhardt <>2011-03-08 23:12:05 +0100
commitd59b9db031abee37a9aa9776662dd15370faabf4 (patch)
tree47481f2b5f1afbc122f494beca1375de661c1160 /
parent9cc4f24e72f87ca191c2e723e7cd293f6477481c (diff)
iptables: add -C to check for existing rules
It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek <> Signed-off-by: Jan Engelhardt <>
Diffstat (limited to '')
1 files changed, 8 insertions, 2 deletions
diff --git a/ b/
index 43069343..7690ba14 100644
--- a/
+++ b/
@@ -27,8 +27,8 @@
ip6tables \(em IPv6 packet filter administration
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain
-rule-specification\fP [\fIoptions...\fP]
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP}
+\fIchain rule-specification\fP [\fIoptions...\fP]
\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP]
\fIrule-specification\fP [\fIoptions...\fP]
@@ -139,6 +139,12 @@ Append one or more rules to the end of the selected chain.
When the source and/or destination names resolve to more than one
address, a rule will be added for each possible address combination.
+\fB\-C\fP, \fB\-\-check\fP \fIchain rule-specification\fP
+Check whether a rule matching the specification does exist in the
+selected chain. This command uses the same logic as \fB\-D\fP to
+find a matching entry, but does not alter the existing iptables
+configuration and uses its exit code to indicate success or failure.
\fB\-D\fP, \fB\-\-delete\fP \fIchain rule-specification\fP