Thread: Is libiptc still the preferred library for manipulating tables?

Is libiptc still the preferred library for manipulating tables?
2007-05-11 20:34:36
I've been trying for a while to find this out as well.

I'm working on an appliance and I need to dynamically insert/remove rules based on
what's happening in the box. I prefer not to resort to
system("iptables yada yada yada")
and so have been trying to use libiptc. I've succeeded in inserting / removing simple
rules (based only on source IP and destination IP). I'm struggling now to understand
how to construct more complex matching rules (destination port).

There's this document:
   http://www.opalsoft.net/qos/libiptc/qlibiptc.html
which is incomplete, but mostly correct as far as it goes. I offered to correct some
errors in the doc, but the author's email address is apparently invalid.

If anyone has any feedback / tips / samples I'd be grateful.


Re: Is libiptc still the preferred library for manipulating tables?
2007-05-15 02:07:41
On Fri 2007-05-11 at 18:34 -0700, Hal Moroff wrote:
> I've been trying for a while to find this out as well.

Well.. libiptc is not and has never been an official interface. Has always been
considered an internal API not for reuse by other applications with the iptables
and iptables-save/restore commands being the official APIs.

> I'm working on an appliance and I need to dynamically insert/remove rules based on
> what's happening in the box. I prefer not to resort to
> system("iptables yada yada yada")

An alternative official interface is to popen iptables-restore in the noflush mode.
Gives you a quite smart interface for manipulating iptables. Syntax is the same as
iptables, except for how you select which table to manipulate.

*tablename
iptables command line, without iptables or table selection
[repeat until done with current modification]
COMMIT

Regards
Henrik
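
The noflush approach described in the reply above, sketched in C as an added example (not code from the thread or from the iptables project). The function names build_restore_payload, apply_rules and one_line are hypothetical; the sketch assumes rule strings may come from untrusted input, so it rejects any that contain a line break.

```c
#define _POSIX_C_SOURCE 200809L  /* popen/pclose */
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Each entry must be one non-empty line: an embedded newline would let
 * untrusted data smuggle in extra commands or an early COMMIT. */
static int one_line(const char *s)
{
    return s[0] != '\0' && strpbrk(s, "\r\n") == NULL;
}

/* Write "*table\n<rule>\n...COMMIT\n" into buf; returns length or -1. */
int build_restore_payload(const char *table, const char *const *rules,
                          size_t nrules, char *buf, size_t buflen)
{
    if (!one_line(table) || strchr(table, ' ') != NULL)
        return -1;
    int n = snprintf(buf, buflen, "*%s\n", table);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    size_t off = (size_t)n;
    for (size_t i = 0; i <= nrules; i++) {
        /* the final iteration appends the COMMIT terminator */
        const char *line = (i < nrules) ? rules[i] : "COMMIT";
        if (!one_line(line))
            return -1;
        n = snprintf(buf + off, buflen - off, "%s\n", line);
        if (n < 0 || (size_t)n >= buflen - off)
            return -1;   /* payload would be truncated */
        off += (size_t)n;
    }
    return (int)off;
}

/* Pipe the payload to iptables-restore (needs root); 0 on success. */
int apply_rules(const char *payload)
{
    /* Fixed command string: rule text travels on stdin, never via the shell. */
    FILE *p = popen("iptables-restore --noflush", "w");
    if (p == NULL)
        return -1;
    fputs(payload, p);
    int st = pclose(p);
    return (st != -1 && WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}
```

Call build_restore_payload("filter", rules, count, buf, sizeof buf) with lines such as "-A INPUT -p tcp --dport 8080 -j ACCEPT", then pass buf to apply_rules; a non-zero exit status from iptables-restore is reported as -1.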