http://www.linuxformat.com/forums/index.php Help, discussion, magazine feedback and more english (c) Copyright Thu May 23, 2013 8:18 am by Linux Format forums webmaster@linuxformat.com webmaster@linuxformat.com Thu May 23, 2013 8:18 am Thu May 23, 2013 8:18 am http://backend.userland.com/rss phpBB2 RSS Syndication Mod by Lucas 1 http://www.linuxformat.com/forums/ Help, discussion, magazine feedback and more http://www.linuxformat.com/forums/viewtopic.php?p=2176#2176 <br /> Author: <a href='http://www.linuxformat.com/forums/profile.php?mode=viewprofile&u=133'>jjmac</a><br /><br /> Posted: Mon May 23, 2005 11:32 am<br /><br /> <br /><br /> &gt;&gt;<br /> Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables &amp; am wanting to test FORWARD rules allowing access from networks that I have no access to.<br /> &gt;&gt;<br /> <br /> There dosen't appear to be a dedecated check facility listed in the man page. But it sounds like it should have. Using some sought of loop-back facility i would think.<br /> <br /> But i'm not sure if i'm following you with your reason.. I though a 'FORWARD'rule would be for passing on packets to another location. As would be used by a gateway. If you want to govern the access condition of other networks, wouldn't that involve the 'INPUT' chain first. And then the FORWARD target, depending on the kind of match. Or do you mean just passing on networks that you don't want to access your network ... if they should come by ???<br /> <br /> I'd create a seperate chain for rule testing though. And insert an initial rule to jump to it in the FORWARD chain. Then you could just remove/insert that one rule to include the whole set in the testing chain.<br /> <br /> I suppose, if you set it up for a specific external box/network, and use that as a specific rule match, that could pass for a testing method. You would just need a someone with their own network set up that they could lend.<br /> <br /> <br /> jm<br /> <br /> </span><table width="90%" cellspacing="1" cellpadding="3" border="0" align="center"><tr> <td><span class="genmed"><b>Code:</b></span></td> </tr> <tr> <td class="code"><br /> <br /> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;-&#58;-&nbsp; If the system is the answer, then the question <br /> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; must have been really stupid&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; -&#58;-<br /> </td> </tr></table><span class="postbody"> http://www.linuxformat.com/forums/viewtopic.php?p=2176#2176 jjmac Mon May 23, 2005 11:32 am http://www.linuxformat.com/forums/viewtopic.php?p=2176#2176 http://www.linuxformat.com/forums/viewtopic.php?p=2166#2166 <br /> Author: <a href='http://www.linuxformat.com/forums/profile.php?mode=viewprofile&u=610'>smita034</a><br /><br /> Posted: Mon May 23, 2005 10:00 am<br /><br /> <br /><br /> You can list all the current rules using iptables -L it will split them into groups and output it quite neatly, as for testing it, only way i know of is to use it....<br /> <br /> Hope that helps a little http://www.linuxformat.com/forums/viewtopic.php?p=2166#2166 smita034 Mon May 23, 2005 10:00 am http://www.linuxformat.com/forums/viewtopic.php?p=2166#2166 http://www.linuxformat.com/forums/viewtopic.php?p=2133#2133 <br /> Author: <a href='http://www.linuxformat.com/forums/profile.php?mode=viewprofile&u=-1'>Anonymous</a><br /><br /> Posted: Sun May 22, 2005 4:06 pm<br /><br /> <br /><br /> Hi<br /> <br /> Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables &amp; am wanting to test FORWARD rules allowing access from networks that I have no access to. <br /> <br /> Anbody got any ideas how I would test this if there's no replacement for -C??<br /> <br /> Much appreciated<br /> <br /> Stuibby http://www.linuxformat.com/forums/viewtopic.php?p=2133#2133 Anonymous Sun May 22, 2005 4:06 pm http://www.linuxformat.com/forums/viewtopic.php?p=2133#2133