$ /usr/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT #include <unistd.h

1. $ /usr/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
2.  
3. #include <unistd.h>
4. int main() {
5. char *args[6];
6. args[0] = "/usr/sbin/iptables";
7. args[1] = "-I INPUT";
8. args[2] = "-p tcp";
9. args[3] = "--dport 80";
10. args[4] = "-j ACCEPT";
11. args[5] = NULL;
12. execve(args[0], args, NULL);
13. }
14.  
15. $ ./code
16. iptables v1.4.6: unknown protocol ` tcp' specified
17. Try `iptables -h' or 'iptables --help' for more information.
18.  
19. #include <unistd.h>
20. int main() {
21. char *args[6];
22. args[0] = "/usr/sbin/iptables";
23. args[1] = "-I INPUT";
24. args[2] = "-ptcp";
25. args[3] = "--dport 80";
26. args[4] = "-j ACCEPT";
27. args[5] = NULL;
28. execve(args[0], args, NULL);
29. }
30.  
31. $./code
32. iptables v1.4.6: unknown option `--dport 80'
33. Try `iptables -h' or 'iptables --help' for more information.
34.  
35. $ iptables --help
36. iptables v1.4.6
37.  
38. Usage: iptables -[AD] chain rule-specification [options]
39. iptables -I chain [rulenum] rule-specification [options]
40. iptables -R chain rulenum rule-specification [options]
41. iptables -D chain rulenum [options]
42. iptables -[LS] [chain [rulenum]] [options]
43. iptables -[FZ] [chain] [options]
44. iptables -[NX] chain
45. iptables -E old-chain-name new-chain-name
46. iptables -P chain target [options]
47. iptables -h (print this help information)
48.  
49. Commands:
50. Either long or short options are allowed.
51. --append -A chain Append to chain
52. --delete -D chain Delete matching rule from chain
53. --delete -D chain rulenum
54. Delete rule rulenum (1 = first) from chain
55. --insert -I chain [rulenum]
56. Insert in chain as rulenum (default 1=first)
57. --replace -R chain rulenum
58. Replace rule rulenum (1 = first) in chain
59. --list -L [chain [rulenum]]
60. List the rules in a chain or all chains
61. --list-rules -S [chain [rulenum]]
62. Print the rules in a chain or all chains
63. --flush -F [chain] Delete all rules in chain or all chains
64. --zero -Z [chain [rulenum]]
65. Zero counters in chain or all chains
66. --new -N chain Create a new user-defined chain
67. --delete-chain
68. -X [chain] Delete a user-defined chain
69. --policy -P chain target
70. Change policy on chain to target
71. --rename-chain
72. -E old-chain new-chain
73. Change chain name, (moving any references)
74. Options:
75. [!] --proto -p proto protocol: by number or name, eg. `tcp'
76. [!] --source -s address[/mask][...]
77. source specification
78. [!] --destination -d address[/mask][...]
79. destination specification
80. [!] --in-interface -i input name[+]
81. network interface name ([+] for wildcard)
82. --jump -j target
83. target for rule (may load target extension)
84. --goto -g chain
85. jump to chain with no return
86. --match -m match
87. extended match (may load extension)
88. --numeric -n numeric output of addresses and ports
89. [!] --out-interface -o output name[+]
90. network interface name ([+] for wildcard)
91. --table -t table table to manipulate (default: `filter')
92. --verbose -v verbose mode
93. --line-numbers print line numbers when listing
94. --exact -x expand numbers (display exact values)
95. [!] --fragment -f match second or further fragments only
96. --modprobe=<command> try to insert modules using this command
97. --set-counters PKTS BYTES set the counter during insert/append
98. [!] --version -V print package version.
99.  
100. #include <unistd.h>
101. int main() {
102. char *args[10];
103. int i = 0;
104. args[i++] = "/usr/sbin/iptables";
105. args[i++] = "-I";
106. args[i++] = "INPUT";
107. args[i++] = "-p";
108. args[i++] = "tcp";
109. args[i++] = "--dport";
110. args[i++] = "80";
111. args[i++] = "-j";
112. args[i++] = "ACCEPT";
113. args[i++] = NULL;
114. execve(args[0], args, NULL);
115. }