From d59b9db031abee37a9aa9776662dd15370faabf4 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek Date: Tue, 8 Mar 2011 22:42:51 +0100 Subject: iptables: add -C to check for existing rules It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek Signed-off-by: Jan Engelhardt --- ip6tables.8.in | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'ip6tables.8.in') diff --git a/ip6tables.8.in b/ip6tables.8.in index 43069343..7690ba14 100644 --- a/ip6tables.8.in +++ b/ip6tables.8.in @@ -27,8 +27,8 @@ .SH NAME ip6tables \(em IPv6 packet filter administration .SH SYNOPSIS -\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain -rule-specification\fP [\fIoptions...\fP] +\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP} +\fIchain rule-specification\fP [\fIoptions...\fP] .PP \fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP] \fIrule-specification\fP [\fIoptions...\fP] @@ -139,6 +139,12 @@ Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination. .TP +\fB\-C\fP, \fB\-\-check\fP \fIchain rule-specification\fP +Check whether a rule matching the specification does exist in the +selected chain. This command uses the same logic as \fB\-D\fP to +find a matching entry, but does not alter the existing iptables +configuration and uses its exit code to indicate success or failure. +.TP \fB\-D\fP, \fB\-\-delete\fP \fIchain rule-specification\fP .ns .TP -- cgit v1.2.3