From: "Hal Moroff"
Subject: Trying to use libiptc
Date: Mon, 12 Feb 2007 14:51:13 -0800
To: netfilter@lists.netfilter.org

I've seen no references to libiptc anywhere, perhaps this is out of
date/outmoded?

I'm trying to create rules dynamically from within a C program. I can
create and query chains, but can't seem to create rules for that chain.
I haven't been able to find any sample code doing anything like this.

Here's a stripped down sample of my code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <libiptc/libiptc.h>

int main( int argc, char * argv[] )
{
    iptc_handle_t ipH;
    struct ipt_entry e;
    char * chain = "mychain";

    /* create the chain in the filter table and commit it */
    if( (ipH = iptc_init("filter")) )
        printf("init succeeded\n");
    if( iptc_create_chain(chain, &ipH) )
        printf("created chain <%s>\n", chain);
    if( iptc_commit(&ipH) )
        printf("committed newly created chain\n");

    /* take a fresh handle after the commit */
    if( (ipH = iptc_init("filter")) )
        printf("(re)init succeeded\n");

    /* fill in the IP header part of the rule */
    memset(&e, 0, sizeof(e));
    inet_aton( "192.168.1.114", &e.ip.src );
    inet_aton( "192.168.2.2", &e.ip.dst );
    inet_aton( "255.255.255.0", &e.ip.dmsk );
    strncpy(e.ip.iniface, "eth0", sizeof(e.ip.iniface) );
    strncpy(e.ip.outiface, "eth1", sizeof(e.ip.outiface));
    e.ip.proto = 8;

    /* insert the entry at position 0 of the chain */
    if( iptc_insert_entry("mychain", &e, 0, &ipH) == 0 ) {
        printf("insert entry failed\n");
        exit(-1);
    }
    printf("insert entry succeeded\n");

    /* push the modified table to the kernel */
    if( ! iptc_commit( &ipH ) ) {
        printf("new entry commit failed: %s\n", iptc_strerror(errno));
        exit(-1);
    }
    printf("new entry commit succeeded\n");
    return 0;
}

When I run I get this:

~/work/iptc# ./simple
init succeeded
created chain <mychain>
committed newly created chain
(re)init succeeded
insert entry succeeded
new entry commit failed: Target problem
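
Added example, not part of the original post and not libiptc's own code: the entry in the post is a bare struct ipt_entry with target_offset and next_offset left at zero and no target behind it, and the commit fails with "Target problem". The sketch below builds an entry followed by a standard target with both offsets set. build_rule() and the two size macros are hypothetical names; the sample addresses are the ones from the post.

```c
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/* Aligned sizes of the two parts of a rule blob (hypothetical macro names). */
#define ENTRY_SIZE  XT_ALIGN(sizeof(struct ipt_entry))
#define TARGET_SIZE XT_ALIGN(sizeof(struct xt_standard_target))

/*
 * build_rule() is a hypothetical helper, not a libiptc function.
 * It returns a heap-allocated ipt_entry immediately followed by a standard
 * target, or NULL on bad input. The caller frees the result.
 * The result is what gets passed to iptc_insert_entry(chain, e, 0, &handle).
 */
struct ipt_entry *build_rule(const char *src, const char *dst,
                             const char *mask, const char *verdict)
{
    struct ipt_entry *e;
    struct xt_standard_target *t;

    /* the target name must fit the fixed-size name field, NUL included */
    if (strlen(verdict) >= sizeof(t->target.u.user.name))
        return NULL;
    e = calloc(1, ENTRY_SIZE + TARGET_SIZE);
    if (e == NULL)
        return NULL;

    if (inet_pton(AF_INET, src, &e->ip.src) != 1 ||
        inet_pton(AF_INET, dst, &e->ip.dst) != 1 ||
        inet_pton(AF_INET, mask, &e->ip.smsk) != 1) {
        free(e);
        return NULL;
    }
    e->ip.dmsk = e->ip.smsk;            /* same mask on both addresses */

    /* no matches in this rule: the target starts right after the header */
    e->target_offset = ENTRY_SIZE;
    e->next_offset   = ENTRY_SIZE + TARGET_SIZE;

    t = (struct xt_standard_target *)((char *)e + e->target_offset);
    t->target.u.user.target_size = TARGET_SIZE;
    /* "ACCEPT", "DROP", ...; libiptc turns the name into a verdict */
    strcpy(t->target.u.user.name, verdict);
    return e;
}
```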