Linux Format forums Help, discussion, magazine feedback and more
Stuibby Guest
|
Posted: Sun May 22, 2005 4:06 pm Post subject: iptables -C check command |
|
|
Hi
Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.
Anybody got any ideas how I would test this if there's no replacement for -C??
Much appreciated
Stuibby |
smita034

Joined: Tue Apr 26, 2005 2:13 pm Posts: 29 Location: Rochester, Kent, UK
|
Posted: Mon May 23, 2005 10:00 am Post subject: RE: iptables -C check command |
|
|
You can list all the current rules using iptables -L; it will split them into groups and output it quite neatly. As for testing it, the only way I know of is to use it....
Hope that helps a little _________________ Alex A. Smith
99% of all computer problems occur between the chair and keyboard |
jjmac LXF regular
Joined: Fri Apr 08, 2005 2:32 am Posts: 1996 Location: Sydney, Australia
|
Posted: Mon May 23, 2005 11:32 am Post subject: RE: iptables -C check command |
|
|
>>
Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.
>>
There doesn't appear to be a dedicated check facility listed in the man page. But it sounds like it should have. Using some sort of loop-back facility, I would think.
But I'm not sure if I'm following you with your reason.. I thought a 'FORWARD' rule would be for passing on packets to another location. As would be used by a gateway. If you want to govern the access condition of other networks, wouldn't that involve the 'INPUT' chain first. And then the FORWARD target, depending on the kind of match. Or do you mean just passing on networks that you don't want to access your network ... if they should come by ???
I'd create a separate chain for rule testing though. And insert an initial rule to jump to it in the FORWARD chain. Then you could just remove/insert that one rule to include the whole set in the testing chain.
I suppose, if you set it up for a specific external box/network, and use that as a specific rule match, that could pass for a testing method. You would just need someone with their own network set up that they could lend.
jm
| Code: |
-:- If the system is the answer, then the question
must have been really stupid -:-
|
_________________ http://counter.li.org
#313537
The FVWM wm -=- www.fvwm.org -=-
Somebody stole my air guitar, It happened just the other day,
But it's ok, 'cause i've got a spare ... |
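
The separate test chain with a single jump rule in FORWARD, as suggested in the reply above, written out as an added example that is not part of the thread. The chain name FWD_TEST, the addresses and the port are constructed, and the script only prints the iptables commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Chain name, addresses and port are constructed.
CHAIN="FWD_TEST"                 # hypothetical test chain
SRC="192.0.2.0/24"               # constructed remote network (RFC 5737 range)
DST="198.51.100.10"              # constructed internal host (RFC 5737 range)
DRY_RUN="${DRY_RUN:-1}"          # 1 = only print commands, 0 = apply (needs root)

# Print the command in dry-run mode, otherwise run it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Candidate rules live only in the test chain: log the match, then accept it.
build_test_chain() {
    ipt -N "$CHAIN"
    ipt -A "$CHAIN" -s "$1" -d "$2" -p tcp --dport 22 -j LOG --log-prefix "FWD_TEST:"
    ipt -A "$CHAIN" -s "$1" -d "$2" -p tcp --dport 22 -j ACCEPT
}

# The one rule in FORWARD that includes or excludes the whole set.
attach_test_chain() { ipt -I FORWARD 1 -j "$CHAIN"; }
detach_test_chain() { ipt -D FORWARD -j "$CHAIN"; }

# Exact per-rule packet and byte counters: non-zero means test traffic matched.
show_counters() { ipt -L "$CHAIN" -v -n -x; }

# Flush and delete the chain; it must be detached from FORWARD first.
destroy_test_chain() { ipt -F "$CHAIN"; ipt -X "$CHAIN"; }

case "${1:-plan}" in
    up)     build_test_chain "$SRC" "$DST" && attach_test_chain ;;
    status) show_counters ;;
    down)   detach_test_chain; destroy_test_chain ;;
    plan)   # default: print every command without touching the firewall
            DRY_RUN=1
            build_test_chain "$SRC" "$DST"; attach_test_chain
            show_counters
            detach_test_chain; destroy_test_chain ;;
esac
```

Run with no argument to review the plan, then `up`, `status` and `down` with DRY_RUN=0 as root; the counters only move once someone on the remote network sends matching traffic.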