Re: Virtual packet tracer for iptables
On 08/06/2012 13:32, Stefan Keller wrote:
Hi

I'm quite sure that I'm not the first guy asking for such a functionality but I could not find anything in the Internet nor in the netfilter mailing list.

Is there any tool or iptables extension to query the iptables rule base? What I mean is something that needs input parameters such as
- source IP address
- destination IP address
- source Port
- destination Port
- incoming interface
- outgoing interface
- ToS
- FWMARK
- ...
and the output is the matching rules of all tables (mangle, raw, nat and filter table).

I know that the output only shows half of the truth for traffic that needs a helper such as FTP and SIP but it would be perfect for off-line analysis and for debugging purposes of our large environment.

Thank you for sharing your experiences!

Best regards
Stefan Keller
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi,

I'm not sure I understand what you mean, but you have the TRACE target, which can help you.

"This target marks packets so that the kernel will log every rule which match the packets as those traverse the tables, chains, rules."
Hope this helps.

--
Jean-Philippe Menil - Pôle réseau Service IRTS
DSI Université de Nantes
jean-philippe.menil@xxxxxxxxxxxxxx
Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09
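
Added example, not part of either message: a small parser that turns the kernel log lines produced by the TRACE target into a per-packet list of the rules hit, for the kind of off-line analysis asked about above. The log lines are constructed and shortened; the rule in the comment, the chain name WEB, and grouping packets by the IP ID field are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Constructed, shortened kernel log lines in the TRACE prefix format
# "TRACE: tablename:chainname:type:rulenum"; all addresses and rule numbers are invented.
# Assumes a rule such as: iptables -t raw -A PREROUTING -p tcp --dport 80 -j TRACE
SAMPLE_LOG = """\
Jun  8 13:40:01 fw kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 ID=4711 PROTO=TCP SPT=40000 DPT=80
Jun  8 13:40:01 fw kernel: TRACE: nat:PREROUTING:rule:1 IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 ID=4711 PROTO=TCP SPT=40000 DPT=80
Jun  8 13:40:01 fw kernel: TRACE: filter:FORWARD:rule:3 IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.0.0.5 ID=4711 PROTO=TCP SPT=40000 DPT=80
Jun  8 13:40:01 fw kernel: TRACE: filter:WEB:rule:1 IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=10.0.0.5 ID=4711 PROTO=TCP SPT=40000 DPT=80
Jun  8 13:40:02 fw kernel: eth1: link is up
Jun  8 13:40:03 fw kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.1 ID=4712 PROTO=TCP SPT=41000 DPT=80
Jun  8 13:40:03 fw kernel: TRACE: filter:INPUT:policy:1 IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.1 ID=4712 PROTO=TCP SPT=41000 DPT=80
"""

TRACE_RE = re.compile(
    r"TRACE: (?P<table>\w+):(?P<chain>[^:\s]+):"
    r"(?P<type>rule|return|policy):(?P<num>\d+)\s+(?P<rest>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_trace(log_text):
    """Group TRACE lines per packet, keyed on the IP ID field, in log order.

    Addresses are not part of the key because NAT rewrites them mid-path.
    Keying on ID alone is a heuristic: IDs can repeat across flows.
    """
    packets = OrderedDict()
    for line in log_text.splitlines():
        m = TRACE_RE.search(line)
        if not m:
            continue  # not a TRACE line
        fields = dict(FIELD_RE.findall(m.group("rest")))
        hop = {"table": m.group("table"), "chain": m.group("chain"),
               "type": m.group("type"), "rulenum": int(m.group("num")),
               "src": fields.get("SRC"), "dst": fields.get("DST")}
        packets.setdefault(fields.get("ID"), []).append(hop)
    return packets


def path(hops):
    """Ordered list of table:chain:type:rulenum entries the packet matched."""
    return ["{table}:{chain}:{type}:{rulenum}".format(**h) for h in hops]


def rewritten(hops):
    """True if SRC or DST changed along the path, i.e. a NAT rule applied."""
    return len({(h["src"], h["dst"]) for h in hops}) > 1


if __name__ == "__main__":
    for pkt_id, hops in parse_trace(SAMPLE_LOG).items():
        print(pkt_id, " -> ".join(path(hops)), "(NAT)" if rewritten(hops) else "")
```

Unlike the query tool asked for, this only reports on packets that actually crossed the firewall while a TRACE rule was in place.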