diff options
| author | Stefan Tomanek <stefan.tomanek@wertarbyte.de> | 2011-03-08 22:42:51 +0100 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2011-03-08 23:12:05 +0100 |
| commit | d59b9db031abee37a9aa9776662dd15370faabf4 (patch) | |
| tree | 47481f2b5f1afbc122f494beca1375de661c1160 /libiptc/libip6tc.c | |
| parent | 9cc4f24e72f87ca191c2e723e7cd293f6477481c (diff) | |
iptables: add -C to check for existing rules
It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.
Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.
This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'libiptc/libip6tc.c')
| -rw-r--r-- | libiptc/libip6tc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c index 27fe4c4e..c1508cd5 100644 --- a/libiptc/libip6tc.c +++ b/libiptc/libip6tc.c @@ -71,6 +71,7 @@ typedef unsigned int socklen_t; #define TC_INSERT_ENTRY ip6tc_insert_entry #define TC_REPLACE_ENTRY ip6tc_replace_entry #define TC_APPEND_ENTRY ip6tc_append_entry +#define TC_CHECK_ENTRY ip6tc_check_entry #define TC_DELETE_ENTRY ip6tc_delete_entry #define TC_DELETE_NUM_ENTRY ip6tc_delete_num_entry #define TC_FLUSH_ENTRIES ip6tc_flush_entries |