On Mon, Jun 06, 2011 at 11:59:21AM -0400, seth vidal wrote:
>
> iptables-save has -c option and it appears it is defaulting to on your
> system?
>
> take a look at the man page:
> -c, --counters
> include the current values of all packet and byte counters in
> the output

"iptables-save -c" gives me per rule counters as in:

[21:1260] -A RH-Firewall-1-INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

This is not defaulting to on. The problem I have is that iptables-save
(without -c) gives me the chain counters:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7568359:2744381371]
:RH-Firewall-1-INPUT - [0:0]

and OUTPUT ACCEPT is always changing. Also it gives the
timestamps in commented-out lines, which also is noise for
func-inventory. So every host is daily adding something like
the following:

-# Generated by iptables-save v1.3.5 on Fri Jun 3 14:57:06 2011
+# Generated by iptables-save v1.3.5 on Fri Jun 3 15:08:54 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [26377:4434694]
+:OUTPUT ACCEPT [29222:4961577]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
@@ -22,4 +22,4 @@
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "FIREWALL: "
--log-level 6
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-# Completed on Fri Jun 3 14:57:06 2011
+# Completed on Fri Jun 3 15:08:54 2011

> b/c it seems to be behaving on mine.

You're not seeing these timestamps or counters?

-jf
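
Added example, not part of the original message and not func's own code: one way to strip the volatile fields described above (timestamp comments, chain counters, and the per-rule counters that `-c` adds) before the output is stored for diffing. The function name and the sample snapshots are constructed for illustration.

```python
import re

# Chain policy line, e.g. ":OUTPUT ACCEPT [7568359:2744381371]"
CHAIN_RE = re.compile(r"^(:\S+\s+\S+)\s+\[\d+:\d+\]$")
# Per-rule counter prefix added by "iptables-save -c", e.g. "[21:1260] -A ..."
RULE_COUNTER_RE = re.compile(r"^\[\d+:\d+\]\s+")
# Timestamp comments written at the start and end of each table
STAMP_RE = re.compile(r"^# (Generated by|Completed on) ")


def normalize_iptables_save(text):
    """Return iptables-save output with volatile fields removed (hypothetical helper)."""
    out = []
    for line in text.splitlines():
        line = line.rstrip()
        if STAMP_RE.match(line):
            continue
        chain = CHAIN_RE.match(line)
        if chain:
            # Keep chain name and policy, zero the packet/byte counters.
            out.append(chain.group(1) + " [0:0]")
        else:
            out.append(RULE_COUNTER_RE.sub("", line))
    return "\n".join(out) + "\n"


# Constructed samples modelled on the output quoted in the message.
SNAP_A = """\
# Generated by iptables-save v1.3.5 on Fri Jun 3 14:57:06 2011
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [26377:4434694]
[21:1260] -A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Fri Jun 3 14:57:06 2011
"""
SNAP_B = SNAP_A.replace("14:57:06", "15:08:54").replace(
    "[26377:4434694]", "[29222:4961577]").replace("[21:1260]", "[40:2400]")
# Same as SNAP_B but with a policy change that must still show up in a diff.
SNAP_C = SNAP_B.replace(":INPUT ACCEPT", ":INPUT DROP")

if __name__ == "__main__":
    print(normalize_iptables_save(SNAP_A), end="")
```

With the counters and timestamps normalized, two snapshots differ only when a rule, chain or policy actually changed, which is the signal an inventory diff of firewall state is meant to surface.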