iptables: add -C to check for existing rules

It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.

Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L", which is quite error-prone.

This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 27fe4c4..c1508cd 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -71,6 +71,7 @@
 #define TC_INSERT_ENTRY		ip6tc_insert_entry
 #define TC_REPLACE_ENTRY	ip6tc_replace_entry
 #define TC_APPEND_ENTRY		ip6tc_append_entry
+#define TC_CHECK_ENTRY		ip6tc_check_entry
 #define TC_DELETE_ENTRY		ip6tc_delete_entry
 #define TC_DELETE_NUM_ENTRY	ip6tc_delete_num_entry
 #define TC_FLUSH_ENTRIES	ip6tc_flush_entries
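
Review bot: The added TC_CHECK_ENTRY define in libip6tc.c names ip6tc_check_entry, but this excerpt shows neither a prototype for that symbol nor the matching IPv4 define, so please confirm the rest of the patch adds both; otherwise the IPv6 build references an undeclared function and -C behaves differently between iptables and ip6tables. The commit message also says existence is indicated "by modifying the exit code" without giving the values. Since the stated use case is scripts such as fail2ban replacing a grep over "iptables -L", the man page entry for -C should state which exit status means the rule is present and which means it is absent, and whether an error such as a missing chain is distinguishable from "rule not found". Because the check reuses the -D code path through a dry-run parameter, it is also worth a comment at the shared function noting that the dry-run branch must return before any modification of the chain.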