Hi Harald,

I wrote a small test script, but nothing went wrong. (cfr. attachment)
Is there something else I can do to help the project?

Greets,
Bart

On Fri, 2002-03-29 at 17:30, Harald Welte wrote:
> On Fri, Mar 29, 2002 at 02:05:18PM +0100, Bart Theunissen wrote:
> > Hi,
> >
> > I have some spare time and I want to contribute to the netfilter
> > project. I saw on the TODO list that the 'log-level save/restore' needs
> > some investigation. That seems like a good opportunity to get familiar
> > with the netfilter code. Can someone give me a bit more info about what
> > is going wrong with the 'log-level save/restore'?
>
> First of all, thanks for the willingness to support the netfilter/iptables
> project.
>
> I'm not sure if this TODO item is still valid.
>
> To investigate:
>
> Try to insert -j LOG rules with different numeric and string --log-level
> parameters. Then use
>
> iptables-save > file
> iptables-restore < file
>
> and see if the rules are restored correctly.
>
> > Greets,
> > Bart
>
> --
> Live long and prosper
> - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
> ============================================================================
> GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
> V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

iptables -t filter --flush
iptables -t nat --flush
iptables -t mangle --flush

# filter
for i in 0 1 2 3 4 5 6 7 alert crit debug emerg error info notice panic warning
do
    iptables -I INPUT -t filter -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
    iptables -I FORWARD -t filter -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
    iptables -I OUTPUT -t filter -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
done

# nat
for i in 0 1 2 3 4 5 6 7 alert crit debug emerg error info notice panic warning
do
    iptables -I PREROUTING -t nat -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
    iptables -I POSTROUTING -t nat -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
    iptables -I OUTPUT -t nat -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
done

# mangle
for i in 0 1 2 3 4 5 6 7 alert crit debug emerg error info notice panic warning
do
    iptables -I INPUT -t mangle -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
    iptables -I FORWARD -t mangle -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
    iptables -I OUTPUT -t mangle -p tcp --dport 2 -j LOG --log-prefix ${i}" " --log-level ${i}
done

# save
iptables-save > /tmp/saved1.ipt
iptables -L -t filter > /tmp/list1.ipt
iptables -L -t nat >> /tmp/list1.ipt
iptables -L -t mangle >> /tmp/list1.ipt

# flush
iptables -t filter --flush
iptables -t nat --flush
iptables -t mangle --flush

# restore
cat /tmp/saved1.ipt | iptables-restore

# save again
iptables-save > /tmp/saved2.ipt
iptables -L -t filter > /tmp/list2.ipt
iptables -L -t nat >> /tmp/list2.ipt
iptables -L -t mangle >> /tmp/list2.ipt

# test
diff -u /tmp/saved1.ipt /tmp/saved2.ipt
diff -u /tmp/list1.ipt /tmp/list2.ipt
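
Added example, not part of the original mail or its attachment: comparing two saves shows the round trip is stable, but not that the saved level is the one that was requested, so this checks each LOG rule in iptables-save output against the level named in its --log-prefix (the convention the script above uses). The function names are hypothetical, the sample ruleset is constructed, and it is an assumption that iptables-save writes the level as a number and omits it when it is the default (warning, 4).

```shell
# Usage (as root, after the restore step): iptables-save | check_saved_levels
# Map a level name or number from the test script to its syslog number.
level_to_num() {
    case "$1" in
        0|emerg|panic) echo 0 ;;
        1|alert)       echo 1 ;;
        2|crit)        echo 2 ;;
        3|error)       echo 3 ;;
        4|warning)     echo 4 ;;
        5|notice)      echo 5 ;;
        6|info)        echo 6 ;;
        7|debug)       echo 7 ;;
        *)             return 1 ;;
    esac
}
# Read iptables-save text on stdin, print one line per LOG rule whose saved
# level differs from its prefix. Returns 0 if all match, 1 otherwise.
check_saved_levels() {
    bad=0
    while IFS= read -r line; do
        case "$line" in *"-j LOG"*) ;; *) continue ;; esac
        prefix=$(printf '%s\n' "$line" | sed -n 's/.*--log-prefix "\{0,1\}\([A-Za-z0-9]*\).*/\1/p')
        saved=$(printf '%s\n' "$line" | sed -n 's/.*--log-level \([0-9A-Za-z]*\).*/\1/p')
        # Assumption: no --log-level in the saved rule means the default, 4.
        [ -n "$saved" ] || saved=4
        want=$(level_to_num "$prefix") || continue   # prefix is not a level
        got=$(level_to_num "$saved") || got="?"
        if [ "$want" != "$got" ]; then
            echo "MISMATCH want=$want saved=$saved: $line"
            bad=1
        fi
    done
    return $bad
}
# Constructed sample of iptables-save output (not captured from a real host).
sample_good() { cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 2 -j LOG --log-prefix "warning "
-A INPUT -p tcp -m tcp --dport 2 -j LOG --log-prefix "panic " --log-level 0
-A INPUT -p tcp -m tcp --dport 2 -j LOG --log-prefix "3 " --log-level 3
COMMIT
EOF
}
# Same ruleset with one level corrupted, as a broken save/restore would leave it.
sample_bad() { sample_good | sed 's/"panic " --log-level 0/"panic " --log-level 7/'; }
sample_bad | check_saved_levels || echo "restore check failed"
```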