Fedora Linux Support Community & Resources Center
Old 21st July 2008, 12:30 PM
Ivang Offline
Registered User
Join Date: Jul 2008
Posts: 3
IPTABLE rules validation

Hi I am planning to build firewall UI for iptables command line. Can anyone please let me know is there any way to automatically validate the rules in the table.

For instance , intially
1> i add a rule to drop telnet connections from anywhere.
2>then i add a rule to accept telnet connections from anywhere.

for 2nd rule currently i delete the first rule by searching in the table and then add the 2nd rule.

So in the above case, is there a way by which i can say to delete the 1st rule automatically as its exactly inverse of 2nd one.

Please let me know.

Best Regards,
Reply With Quote
Old 21st July 2008, 01:34 PM
MSK61 Offline
Registered User
Join Date: May 2008
Location: Giza, Egypt
Age: 35
Posts: 167
As far as I know, there's no such automatic way to accomplish this. What iptables does is very simple and systematic, pass the package through all the rules until it finds the first match. So in your case, any telnet connection would match the first rule, thus becomes blocked.
So I think a lot may be waiting for your smart UI to provide such a feature.
Reply With Quote
Old 21st July 2008, 01:59 PM
Posts: n/a
I'm no expert on iptables, but couldn't you match and goto another table which had a "DROP" rule, then to accomplish 2> you insert an ACCEPT rule prior to the DROP ?
Reply With Quote
Old 21st July 2008, 03:04 PM
Ivang Offline
Registered User
Join Date: Jul 2008
Posts: 3
My only concern was to remove such invalid multiple rules which otherwise would create a large set of rules in the View Iptable rules page.

what i mean is, when user tries to see the iptable rules, he might see a big list of which few might be invalid because of others getting matched before them.

So i was looking at someway to clean up the iptable list.

Thanks for your inputs,
Reply With Quote
Old 21st July 2008, 04:03 PM
Ivang Offline
Registered User
Join Date: Jul 2008
Posts: 3
Is there an easy way to parse iptables-L command or iptables-save output to determine these:
interface device, protocol, source address, source port, destination address, ..etc

I saw the iptable-xml.c at which converts iptables-save command output to XML

Any other pointers would be really helpful.

Best Regards,
Reply With Quote

iptable, rules, validation

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLE rules for active/passive ftp rahul.tidke Servers & Networking 0 13th November 2007 10:06 AM
FC4 Flushes IpTable Rules gctech Using Fedora 3 3rd October 2006 05:35 AM
not able to save iptable rules ascheucher Servers & Networking 2 29th June 2005 09:35 AM

Current GMT-time: 15:15 (Friday, 22-09-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat