I need to control inbound and outbound traffic to/from a Linux box from within a C++ program. I could call iptables
from within my program, but I'd much rather cut out the middle man and access the kernel API functions myself.
I believe I need to use libnfnetlink; however, I have not been able to find any API documentation or example programs.
The rules I need to construct are fairly simple - things like dropping packets with a destination port equal to X etc. I do NOT intend to write a full firewall application.
Can anyone suggest a better approach, or provide a link to some documentation or example apps? I'd rather avoid reading the iptables code, but I guess I may have to if I can't find any better resources.
Types of chains in iptables: OUTPUT chains are used for locally generated packets that are about to be sent out. PREROUTING chains are used for altering packets as they arrive. POSTROUTING chains are used for altering packets as they are leaving.
Among the advantages of nftables over iptables is less code duplication and easier extension to new protocols.
There may be some confusion about the difference between Netfilter and iptables. Netfilter is an infrastructure; it is the basic API that the Linux 2.4 kernel offers for applications that want to view and manipulate network packets. Iptables is an interface that uses Netfilter to classify and act on packets.
The ipset and iptables-nft packages have been deprecated.
A year back I had the same requirement and probed around. But after contacting some open source kernel guys, this is what I came to know:
The kernel APIs of iptables are not externalised, meaning they are not documented APIs, in the sense that the APIs can change at any moment. They should be used only by the iptables tool; they should not be used by application developers.
-satish
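Since the answer recommends going through the iptables tool rather than the undocumented kernel interface, here is an added example (not code from the question or the answer) of doing that from C++: the rule is passed to execvp as separate argv tokens with the port validated first, so no shell ever parses the command line. The chain name "INPUT", the protocol set and the exit codes are this example's own choices.

```cpp
// Add an iptables rule ("drop packets to destination port X") from C++
// by exec'ing the iptables binary directly, without going through a shell.
#include <string>
#include <vector>
#include <cstdlib>
#include <unistd.h>
#include <sys/wait.h>

// Accept only decimal port numbers in 1..65535; anything else (letters,
// shell metacharacters, out-of-range values) is rejected before use.
bool valid_port(const std::string& s) {
    if (s.empty() || s.size() > 5) return false;
    for (char c : s) if (c < '0' || c > '9') return false;
    long v = std::stol(s);
    return v >= 1 && v <= 65535;
}

// Build argv for: iptables -A <chain> -p <proto> --dport <port> -j DROP
// Each argument is its own token, so a crafted port string cannot inject
// further commands (which it could if the line were handed to system()).
// Returns an empty vector when the inputs are not acceptable.
std::vector<std::string> drop_dport_args(const std::string& chain,
                                         const std::string& proto,
                                         const std::string& port) {
    if (proto != "tcp" && proto != "udp") return {};
    if (chain != "INPUT" && chain != "OUTPUT") return {};
    if (!valid_port(port)) return {};
    return {"iptables", "-A", chain, "-p", proto, "--dport", port, "-j", "DROP"};
}

// fork/execvp the argv and return the child's exit status, or -1 on failure.
// Needs root (or CAP_NET_ADMIN) to actually change the ruleset.
int run_argv(const std::vector<std::string>& args) {
    if (args.empty()) return -1;
    std::vector<char*> argv;
    for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
    argv.push_back(nullptr);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv.data()); _exit(127); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char** argv) {
    if (argc != 2) return 2;                       // usage: prog <port>
    return run_argv(drop_dport_args("INPUT", "tcp", argv[1]));
}
```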