The best way to check if a custom iptables chain exists.

I am trying to programmatically create custom chains and delete them in iptables. I was wondering what the best way is to check if a user chain exists, so as not to create one.

+5
1 answer

Use iptables(8) to list the chain, redirecting stdout/stderr to /dev/null, and check the exit code. If the chain exists, iptables will exit true.

This shell function is from my iptables scripting front-end:

chain_exists()
{
    [ $# -lt 1 -o $# -gt 2 ] && { 
        echo "Usage: chain_exists <chain_name> [table]" >&2
        return 1
    }
    local chain_name="$1" ; shift
    [ $# -eq 1 ] && local table="--table $1"
    iptables $table -n --list "$chain_name" >/dev/null 2>&1
}

Note that I am using the -n parameter so iptables does not try to resolve IP addresses to host names. Without it, you will find that this function is slow.

:

chain_exists foo || create_chain foo ...

create_chain - . iptables, , .

+12
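Building on the exit-code check in the answer above, here is an added example (not code from the original answer) that wraps it in idempotent create and delete helpers, which is what the question's "create only if it does not exist" workflow needs. The IPTABLES variable is an assumed hook so the helpers can be exercised against a stub; by default it resolves to the real iptables binary.

```shell
#!/bin/sh
# Added example: idempotent chain management built on the exit-code check.
# IPTABLES is an assumed override hook (defaults to the real iptables binary).
IPTABLES="${IPTABLES:-iptables}"

# chain_exists CHAIN [TABLE]
# Exit 0 if the chain is present in TABLE (default: filter), non-zero otherwise.
# -n avoids slow reverse DNS lookups while listing; output is discarded.
chain_exists() {
    chain="$1"
    table="${2:-filter}"
    "$IPTABLES" -t "$table" -n -L "$chain" >/dev/null 2>&1
}

# ensure_chain CHAIN [TABLE]
# Create the chain only if it is missing; exit 0 whether or not it was created.
ensure_chain() {
    chain="$1"
    table="${2:-filter}"
    if chain_exists "$chain" "$table"; then
        return 0
    fi
    "$IPTABLES" -t "$table" -N "$chain"
}

# remove_chain CHAIN [TABLE]
# Flush and delete the chain if present; exit 0 if it was already absent.
# Note: -X fails while another chain still has a rule jumping to this chain,
# so callers must remove those jump rules first.
remove_chain() {
    chain="$1"
    table="${2:-filter}"
    chain_exists "$chain" "$table" || return 0
    "$IPTABLES" -t "$table" -F "$chain" && "$IPTABLES" -t "$table" -X "$chain"
}

# Usage (as root, on a host with iptables):
#   ensure_chain MY_CHAIN && iptables -A MY_CHAIN -j RETURN
#   ensure_chain MY_NAT_CHAIN nat
#   remove_chain MY_CHAIN
```

The table argument matters: a chain named FOO in the nat table is a different object from FOO in the filter table, so the existence check must name the same table as the create or delete that follows it. When several scripts manipulate rules concurrently, modern iptables also accepts -w to wait for the xtables lock instead of failing immediately, which keeps the exit code meaningful as an existence signal rather than a lock-contention error.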
