From bb34082de25ec7fb6bffe5702062f087ca887466 Mon Sep 17 00:00:00 2001
From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Tue, 13 May 2008 13:09:23 +0200
Subject: iptables --list chain rulenum

Excent --list (and --list-rules) to allow selection of a single rule
number

iptables --list INPUT 4
iptables --list-rules INPUT 4

list rule number 4 in INPUT.

Henrik Nordstrom <henrik@henriknordstrom.net>
---
 iptables.c | 46 +++++++++++++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 15 deletions(-)

(limited to 'iptables.c')

diff --git a/iptables.c b/iptables.c
index 98db70fc..f2a7d25e 100644
--- a/iptables.c
+++ b/iptables.c
@@ -285,14 +285,15 @@ exit_printhelp(struct iptables_rule_match *matches)
 "Usage: %s -[AD] chain rule-specification [options]\n"
 "       %s -[RI] chain rulenum rule-specification [options]\n"
 "       %s -D chain rulenum [options]\n"
-"       %s -[LFZ] [chain] [options]\n"
+"       %s -[LS] [chain [rulenum]] [options]\n"
+"       %s -[FZ] [chain] [options]\n"
 "       %s -[NX] chain\n"
 "       %s -E old-chain-name new-chain-name\n"
 "       %s -P chain target [options]\n"
 "       %s -h (print this help information)\n\n",
 	       program_name, program_version, program_name, program_name,
 	       program_name, program_name, program_name, program_name,
-	       program_name, program_name);
+	       program_name, program_name, program_name);
 
 	printf(
 "Commands:\n"
@@ -305,9 +306,10 @@ exit_printhelp(struct iptables_rule_match *matches)
 "				Insert in chain as rulenum (default 1=first)\n"
 "  --replace -R chain rulenum\n"
 "				Replace rule rulenum (1 = first) in chain\n"
-"  --list    -L [chain]		List the rules in a chain or all chains\n"
-"  --list-rules\n"
-"            -S [chain]         Print the rules in a chain or all chains\n"
+"  --list    -L [chain [rulenum]]\n"
+"				List the rules in a chain or all chains\n"
+"  --list-rules -S [chain [rulenum]]\n"
+"				Print the rules in a chain or all chains\n"
 "  --flush   -F [chain]		Delete all rules in  chain or all chains\n"
 "  --zero    -Z [chain]		Zero counters in chain or all chains\n"
 "  --new     -N chain		Create a new user-defined chain\n"
@@ -1054,7 +1056,7 @@ delete_chain(const ipt_chainlabel chain, int verbose,
 }
 
 static int
-list_entries(const ipt_chainlabel chain, int verbose, int numeric,
+list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
 	     int expanded, int linenumbers, iptc_handle_t *handle)
 {
 	int found = 0;
@@ -1087,16 +1089,19 @@ list_entries(const ipt_chainlabel chain, int verbose, int numeric,
 
 		if (found) printf("\n");
 
-		print_header(format, this, handle);
+		if (!rulenum)
+			print_header(format, this, handle);
 		i = iptc_first_rule(this, handle);
 
 		num = 0;
 		while (i) {
-			print_firewall(i,
-				       iptc_get_target(i, handle),
-				       num++,
-				       format,
-				       *handle);
+			num++;
+			if (!rulenum || num == rulenum)
+				print_firewall(i,
+					       iptc_get_target(i, handle),
+					       num,
+					       format,
+					       *handle);
 			i = iptc_next_rule(i, handle);
 		}
 		found = 1;
@@ -1300,7 +1305,7 @@ void print_rule(const struct ipt_entry *e,
 }
 
 static int
-list_rules(const ipt_chainlabel chain, int counters,
+list_rules(const ipt_chainlabel chain, int rulenum, int counters,
 	     iptc_handle_t *handle)
 {
 	const char *this = NULL;
@@ -1311,7 +1316,7 @@ list_rules(const ipt_chainlabel chain, int counters,
 
 	/* Dump out chain names first,
 	 * thereby preventing dependency conflicts */
-	for (this = iptc_first_chain(handle);
+	if (!rulenum) for (this = iptc_first_chain(handle);
 	     this;
 	     this = iptc_next_chain(handle)) {
 		if (chain && strcmp(this, chain) != 0)
@@ -1332,6 +1337,7 @@ list_rules(const ipt_chainlabel chain, int counters,
 	     this;
 	     this = iptc_next_chain(handle)) {
 		const struct ipt_entry *e;
+		int num = 0;
 
 		if (chain && strcmp(this, chain) != 0)
 			continue;
@@ -1339,7 +1345,9 @@ list_rules(const ipt_chainlabel chain, int counters,
 		/* Dump out rules */
 		e = iptc_first_rule(this, handle);
 		while(e) {
-			print_rule(e, handle, this, counters);
+			num++;
+			if (!rulenum || num == rulenum)
+			    print_rule(e, handle, this, counters);
 			e = iptc_next_rule(e, handle);
 		}
 		found = 1;
@@ -1519,6 +1527,9 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 			else if (optind < argc && argv[optind][0] != '-'
 				 && argv[optind][0] != '!')
 				chain = argv[optind++];
+			if (optind < argc && argv[optind][0] != '-'
+			    && argv[optind][0] != '!')
+				rulenum = parse_rulenumber(argv[optind++]);
 			break;
 
 		case 'S':
@@ -1528,6 +1539,9 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 			else if (optind < argc && argv[optind][0] != '-'
 				 && argv[optind][0] != '!')
 				chain = argv[optind++];
+			if (optind < argc && argv[optind][0] != '-'
+			    && argv[optind][0] != '!')
+				rulenum = parse_rulenumber(argv[optind++]);
 			break;
 
 		case 'F':
@@ -2073,6 +2087,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 	case CMD_LIST:
 	case CMD_LIST|CMD_ZERO:
 		ret = list_entries(chain,
+				   rulenum,
 				   options&OPT_VERBOSE,
 				   options&OPT_NUMERIC,
 				   options&OPT_EXPANDED,
@@ -2085,6 +2100,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 	case CMD_LIST_RULES:
 	case CMD_LIST_RULES|CMD_ZERO:
 		ret = list_rules(chain,
+				   rulenum,
 				   options&OPT_VERBOSE,
 				   handle);
 		if (ret && (command & CMD_ZERO))
-- 
cgit v1.2.3