Shaul Karl wrote:

On Wed, Dec 29, 2004 at 09:52:18AM +0200, Shachar Shemesh wrote:

b. How do you account for the entire rule numbers moving around due to unexpected meddling with the rulebase. Think what happens if you have both portsentry AND portknocking installed. They both add rules that need to be expired...

No need to search for the exact rule number in order to remove a rule.
One can remove a rule by its definition:

   iptables -A "the winner"
   iptables -D "the winner"   # -D deletes by matching rule specification, no rule number needed

should work too.
I still must be missing something.


a. Thanks, wasn't aware of this particular iptables feature. I'm a little dumbfounded as to when it would come in useful, but it certainly changes point b above. It should now say "How do you keep track of each rule added, knowing when to expire it and with what name".
b. The point to keep in mind is not whether this is difficult or not. It really is not, believe me. The real question is whether there is really a need for each one implementing port knocking to start solving these issues from scratch.
c. This is the real point. It was my itch. This is my way of scratching it. Apparently, the first announcement on freshmeat and here drew just under 58 downloads the first day, so I guess enough other people see it as an interesting scratch. If you don't have the itch, feel free to ignore this project. I promise I won't be offended. On the contrary, I may learn more new stuff like this iptables trick.


--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
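The two messages above turn on one practical point: a rule that was added by its full specification can be removed by that same specification with `iptables -D`, so the expiry logic never depends on a rule number that shifts whenever portsentry or another tool edits the chain. The script below is an added example illustrating that approach; it is not code from this thread or from Shachar's project. It assumes the INPUT chain, a plain-text ledger of pending expiries, and the `comment` match module to tag each rule; `IPTABLES` defaults to a dry-run printer so the script runs without root, and is set to `iptables` to apply for real.

```shell
#!/bin/sh
# Added example (not from the thread): expire port-knock rules by their
# specification rather than by rule number. Chain, ledger path and the
# dry-run wrapper are assumptions made for this example.

IPTABLES=${IPTABLES:-dryrun_iptables}      # set IPTABLES=iptables to apply for real
LEDGER=${LEDGER:-./knock_ledger.txt}       # one line per rule: <expiry epoch>|<rule spec>
CHAIN=${CHAIN:-INPUT}

# Dry-run stand-in: prints the command instead of touching the kernel.
dryrun_iptables() { echo "iptables $*"; }

# rule_spec SRC PORT: the exact match used for both insert and delete.
# The comment tag makes the rule easy to recognise in "iptables -L".
rule_spec() {
    echo "$CHAIN -s $1 -p tcp --dport $2 -m comment --comment knock:$1:$2 -j ACCEPT"
}

# open_port SRC PORT TTL_SECONDS [NOW]: insert the rule and record its expiry.
open_port() {
    spec=$(rule_spec "$1" "$2")
    now=${4:-$(date +%s)}
    expiry=$((now + $3))
    $IPTABLES -I $spec
    echo "$expiry|$spec" >> "$LEDGER"
}

# expire_rules [NOW]: delete every rule whose expiry has passed, by spec.
# Rules still within their TTL are written back to the ledger untouched.
expire_rules() {
    now=${1:-$(date +%s)}
    [ -f "$LEDGER" ] || return 0
    tmp="$LEDGER.tmp"
    : > "$tmp"
    while IFS='|' read -r expiry spec; do
        if [ "$expiry" -le "$now" ]; then
            $IPTABLES -D $spec
        else
            echo "$expiry|$spec" >> "$tmp"
        fi
    done < "$LEDGER"
    mv "$tmp" "$LEDGER"
}
```

Run `expire_rules` from cron or a timer; because deletion matches on the specification, it is unaffected by other tools inserting rules above or below. One caveat worth keeping in mind: `-D` with a specification removes a single matching rule, so if the same source knocks twice before expiry you either get two identical rules (and need two deletes) or should check the ledger before inserting again.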

