iptables -C check command


Postby Stuibby » Sun May 22, 2005 3:06 pm

Hi

Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.

Anybody got any ideas how I would test this if there's no replacement for -C??

Much appreciated

Stuibby
Stuibby
 

RE: iptables -C check command

Postby smita034 » Mon May 23, 2005 9:00 am

You can list all the current rules using iptables -L; it will split them into groups and output it quite neatly. As for testing it, the only way I know of is to use it....

Hope that helps a little
Alex A. Smith
99% of all computer problems occur between the chair and keyboard
smita034
 
Posts: 29
Joined: Tue Apr 26, 2005 1:13 pm
Location: Rochester, Kent, UK

RE: iptables -C check command

Postby jjmac » Mon May 23, 2005 10:32 am

>>
Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.
>>

There doesn't appear to be a dedicated check facility listed in the man page. But it sounds like it should have. Using some sort of loop-back facility I would think.

But I'm not sure if I'm following you with your reason.. I thought a 'FORWARD' rule would be for passing on packets to another location. As would be used by a gateway. If you want to govern the access condition of other networks, wouldn't that involve the 'INPUT' chain first. And then the FORWARD target, depending on the kind of match. Or do you mean just passing on networks that you don't want to access your network ... if they should come by ???

I'd create a separate chain for rule testing though. And insert an initial rule to jump to it in the FORWARD chain. Then you could just remove/insert that one rule to include the whole set in the testing chain.

I suppose, if you set it up for a specific external box/network, and use that as a specific rule match, that could pass for a testing method. You would just need someone with their own network set up that they could lend.


jm


           -:-  If the system is the answer, then the question
                        must have been really stupid            -:-
http://counter.li.org
#313537

The FVWM wm -=- www.fvwm.org -=-

Somebody stole my air guitar, It happened just the other day,
But it's ok, 'cause i've got a spare ...
jjmac
LXF regular
 
Posts: 1996
Joined: Fri Apr 08, 2005 1:32 am
Location: Sydney, Australia
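
The separate testing chain suggested in the reply above, sketched as an added example (not code from the thread or from any poster). The chain name FWD_TEST, the addresses (RFC 5737 documentation ranges), the port and the DRY_RUN wrapper are assumptions for illustration.

```shell
#!/bin/sh
# Added example. FWD_TEST, the addresses (RFC 5737 documentation ranges)
# and the port are constructed; substitute your own.
# DRY_RUN=1 (default) prints each iptables command; DRY_RUN=0 runs it (root).
DRY_RUN="${DRY_RUN:-1}"
CHAIN="FWD_TEST"
SRC_NET="198.51.100.0/24"   # remote network being granted access (constructed)
DST_HOST="192.0.2.10"       # internal host behind the gateway (constructed)

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Build the chain. It sees no traffic until FORWARD jumps to it.
build_test_chain() {
    ipt -N "$CHAIN"
    # LOG first so each match is recorded in the kernel log, then ACCEPT.
    ipt -A "$CHAIN" -s "$SRC_NET" -d "$DST_HOST" -p tcp --dport 80 \
        -j LOG --log-prefix "FWD_TEST:"
    ipt -A "$CHAIN" -s "$SRC_NET" -d "$DST_HOST" -p tcp --dport 80 -j ACCEPT
    # Anything unmatched falls back to the existing FORWARD rules.
    ipt -A "$CHAIN" -j RETURN
}

# One rule switches the whole set on or off.
enable_test_chain()  { ipt -I FORWARD 1 -j "$CHAIN"; }
disable_test_chain() { ipt -D FORWARD -j "$CHAIN"; }

# Per-rule packet/byte counters show whether test traffic hit a rule.
show_counters() { ipt -L "$CHAIN" -v -n --line-numbers; }

# Remove the jump, then flush and delete the chain.
teardown_test_chain() {
    disable_test_chain
    ipt -F "$CHAIN"
    ipt -X "$CHAIN"
}

case "${1:-}" in
    build)    build_test_chain ;;
    enable)   enable_test_chain ;;
    disable)  disable_test_chain ;;
    counters) show_counters ;;
    teardown) teardown_test_chain ;;
esac
```

Review the dry-run output first, then rerun with DRY_RUN=0 as root; the counters and the FWD_TEST: log lines show whether traffic from the remote network actually matched.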

