Hi! I'm trying to figure out how to prepend rules into the INPUT/OUTPUT chains. The way I see it, you do
1. getsockopt IPT_SO_GET_INFO and IPT_SO_GET_ENTRIES to get current entries in chain. 2. construct a ``struct ipt_entry'' with the new rule. 3. construct a ``struct ipt_replace'' entry with new entry + old entries. 4. do setsockopt IPT_SO_SET_REPLACE to insert new entry in the chain. Now, what I can't figure out is what those hook_entry and underflow arrays in ``struct ipt_replace'' are used for and what offsets I need to put in them. Also, I see that iptables goes and appends elems entries for some of the struct ipt_entry entries. When do I need to do that and is it necessary for simple rules like these: -I INPUT -d net/mask -i eth0 -I OUTPUT -s net/mask -o eth1 -I INPUT -d net/mask -p tcp --source-port 23 -i eth0 etc. I don't see why any additional info would be necessary since you can fit all that info in the the ``struct ipt_ip'' field. PS: Please CC me when replying. I'm not subscribed to the list. -- Regards Abraham Well, O.K. I'll compromise with my principles because of EXISTENTIAL DESPAIR! __________________________________________________________ Abraham vd Merwe - 2d3D, Inc. Device Driver Development, Outsourcing, Embedded Systems Cell: +27 82 565 4451 Snailmail: Tel: +27 21 761 7549 Block C, Aintree Park Fax: +27 21 761 7648 Doncaster Road Email: [EMAIL PROTECTED] Kenilworth, 7700 Http: http://www.2d3d.com South Africa
msg01604/pgp00000.pgp
Description: PGP signature
