iptables.go: Add support for ListWithCounters method

  This will include the inlined '-c' counters generated by 'iptables -v -S'
  Note: '-v' must come before '-S' otherwise a 'Bad argument' is thrown

iptables/iptables.go

@@ -142,6 +142,12 @@ func (ipt *IPTables) List(table, chain string) ([]string, error) {
 	return ipt.executeList(args)
 }
 
+// List rules (with counters) in specified table/chain
+func (ipt *IPTables) ListWithCounters(table, chain string) ([]string, error) {
+	args := []string{"-t", table, "-v", "-S", chain}
+	return ipt.executeList(args)
+}
+
 // ListChains returns a slice containing the name of each chain in the specified table.
 func (ipt *IPTables) ListChains(table string) ([]string, error) {
 	args := []string{"-t", table, "-S"}

iptables/iptables_test.go

@@ -251,6 +251,22 @@ func runRulesTests(t *testing.T, ipt *IPTables) {
 		t.Fatalf("List mismatch: \ngot  %#v \nneed %#v", rules, expected)
 	}
 
+	rules, err = ipt.ListWithCounters("filter", chain)
+	if err != nil {
+		t.Fatalf("ListWithCounters failed: %v", err)
+	}
+
+	expected = []string{
+		"-N " + chain,
+		"-A " + chain + " -s " + subnet1 + " -d " + address1 + " -c 0 0 -j ACCEPT",
+		"-A " + chain + " -s " + subnet2 + " -d " + address2 + " -c 0 0 -j ACCEPT",
+		"-A " + chain + " -s " + subnet2 + " -d " + address1 + " -c 0 0 -j ACCEPT",
+	}
+
+	if !reflect.DeepEqual(rules, expected) {
+		t.Fatalf("ListWithCounters mismatch: \ngot  %#v \nneed %#v", rules, expected)
+	}
+
 	// Clear the chain that was created.
 	err = ipt.ClearChain("filter", chain)
 	if err != nil {