Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Rainer Weikusat Newsgroups: comp.os.linux.development.system Subject: Re: Question using libiptc Date: Thu, 24 Oct 2013 22:37:15 +0100 Lines: 20 Message-ID: <87zjpyfj04.fsf@sable.mobileactivedefense.com> References: <1c6b1c19-53c5-4659-97d9-47daaded9532@googlegroups.com> <87y55iflok.fsf@araminta.anjou.terraraq.org.uk> <79a8f6ad-b098-4dba-a14b-32abfe513a1a@googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: individual.net DwmuCZjz/oC8XIOwTjWs5w81LcHWyjIk2Jnky9KtB170fGuAk= Cancel-Lock: sha1:EftCNiGvvnp8hN3YcWd6gIpvTs8= sha1:sfBqpVchlboyBgXNe7eo1IvNZPs= User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) Xref: csiph.com comp.os.linux.development.system:563 Jeremy Brown writes: >> Inspect the source to iptables and see what it does? > > > Hmmm... actually I am, are you familiar with that code enough that you > could actually answer questions or will they be more of the same > helpful suggestions? Ehh ... sorry ... but iptables has code demonstrating how create a firewall rule jumping to an extension target. I'm not particularly familiar with this code as I have added only 1 - 2 new features to it but it isn't that complicated, just fairly byzantine. Judgeing from the code of the version I looked at (1.4.8, used in the product of my employer), you will need the extension code for any extension you want to use in addition to the libiptc code. This means the short answer to your problem statement is: Use iptables.