--On Tuesday, July 04, 2006 18:56:44 +0200 martin f krafft
<[EMAIL PROTECTED]> wrote:
[...]
I understand the fundamental issue very well.
The things that can go wrong here are:
- I accidentally delete or comment out one of the drop rules
- "drop ! NEW" doesn't do the same as "!drop NEW" due to a bug
- the universe folds in on itself
Are there any other ones I am overlooking?

How about "One rule fails to load for obscure reasons."?
There might be a syntax change in a future release which conflicts with one
of your rules. Or an extension might not be available after a kernel
upgrade and cause one rule to fail to load. The invocation of iptables
loading one rule might fail because some other process temporarily consumes
too many resources. This is no exhaustive list ...
Ralf Döblitz
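
The failure mode raised in this reply, one rule failing to load, worked through as an added example (not part of the original message). It is a simplified first-match filter model, not iptables itself; the rule names, the sample packets and the two rulesets (policy ACCEPT with explicit drop rules versus policy DROP with explicit accept rules) are assumptions made for illustration.

```python
# Constructed model of a first-match packet filter (not real iptables syntax).
from typing import Callable, NamedTuple

class Rule(NamedTuple):
    name: str
    match: Callable[[dict], bool]
    verdict: str  # "ACCEPT" or "DROP"

def evaluate(rules, policy, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule.match(pkt):
            return rule.verdict
    return policy

def single_failure_impact(rules, policy, packets):
    """Map each rule name to (leaked, blocked) packet labels when only that
    rule fails to load. The fully loaded ruleset defines the intended verdict."""
    impact = {}
    for i, missing in enumerate(rules):
        loaded = rules[:i] + rules[i + 1:]
        leaked, blocked = [], []
        for pkt in packets:
            want = evaluate(rules, policy, pkt)
            got = evaluate(loaded, policy, pkt)
            if want == "DROP" and got == "ACCEPT":
                leaked.append(pkt["label"])
            elif want == "ACCEPT" and got == "DROP":
                blocked.append(pkt["label"])
        impact[missing.name] = (leaked, blocked)
    return impact

# Constructed sample traffic.
PACKETS = [
    {"label": "ssh-new", "port": 22, "state": "NEW"},
    {"label": "web-reply", "port": 34567, "state": "ESTABLISHED"},
    {"label": "telnet-new", "port": 23, "state": "NEW"},
    {"label": "stray-invalid", "port": 22, "state": "INVALID"},
]
# Design A (assumed): policy ACCEPT, protection comes from explicit drop rules.
EXPLICIT_DROP = [
    Rule("drop-invalid", lambda p: p["state"] == "INVALID", "DROP"),
    Rule("drop-telnet", lambda p: p["port"] == 23, "DROP"),
]
# Design B (assumed): policy DROP, only wanted traffic is accepted.
DEFAULT_DROP = [
    Rule("accept-established", lambda p: p["state"] == "ESTABLISHED", "ACCEPT"),
    Rule("accept-ssh-new", lambda p: p["port"] == 22 and p["state"] == "NEW", "ACCEPT"),
]
```

Calling single_failure_impact on each design shows that every single-rule failure in design A lets unwanted traffic through, while in design B the same kind of failure only blocks wanted traffic.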