in cazul asta la tine toate regulile se termina cu -j LOG/RETURN? nu toate regulile sunt "non-terminating" daca pui 2 reguli cu -j LOG o sa matchuiasca pe amandoua daca pui 2 reguli cu -j ACCEPT o sa matchuiasca doar prima oricum nu vad utilitatea unui -j LOG pus de 2 ori in acelasi chain decat daca vrei sa vezi acelasi mesaj de 2 ori.
LOG Turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all match- ing packets (like most IP header fields) via the kernel log (where it can be read with dmesg or syslogd(8)). This is a "non-terminating tar- get", i.e. rule traversal continues at the next rule. So if you want to LOG the packets you refuse, use two separate rules with the same matching criteria, first using target LOG then DROP (or REJECT). On Tue, 2004-02-24 at 14:52, Alin Nastac wrote: > Nu zau? Adica toate regulile la tine se termina cu -j ACCEPT/DENY/DROP? > > Radu Anghel wrote: > > >daca in acelasi chain ai aceeasi regula pusa de 2 sau mai multe ori nu o > >sa faca match decat pe prima -> restul sunt inutile > > > >On Tue, 2004-02-24 at 14:43, Alin Nastac wrote: > > > > > >>Si eu cind o sa-ti spun ca iptables nu se da drept mai destept decit > >>administratorul, cum crezi ca sint? > >>De unde pina unde nu am voie sa am 2 sau mai multe reguli identice > >>intr-un chain? > >> > >>Radu Radoveneanu wrote: > >> > >> > >> > >>>Alin Nastac said: > >>> > >>> > >>> > >>> > >>>>hahaha... ar putea sa-ti zica eventual RTFM!!! > >>>> > >>>>ca intotdeauna intr-un lant, pozitia e f. importanta; nu vad cum ar > >>>>trebui sa-ti interpreteze prostia asta de comanda altfel decit ceea ce > >>>>inseamna -A: "adauga regula asta la sfirsitul chain-ului". > >>>> > >>>> > >>>> > >>>> > >>>> > >>>super tare mosule, ce sa zic, m-ai dat peste cap > >>>eventual daca o sa spun ca -A era un exemplu si ca eu doresc sa-mi dea o > >>>eroare cand vreau sa adaug o regula deja existenta o sa-mi spui ca sunt > >>>dobitoc si sa-mi dai si doua palme nu ? > >>> > >>> > >>> > >>> > >>> > >> > >>--- > >>Detalii despre listele noastre de mail: http://www.lug.ro/ > >> > >> > >> > > > >-- Attached file included as plaintext by Ecartis -- > >-- File: signature.asc > >-- Desc: This is a digitally signed message part > > > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.2.4 (GNU/Linux) > > > >iD8DBQBAO0hkzEN+vLL1CukRAm5IAJ4t758wDU93NYFJ36mPQ5I2VPFFuQCdEcKl > >I6RWKrpJYVsrwloLNU87oJw= > >=5gdC > >-----END PGP SIGNATURE----- > > > > > > > >--- > >Detalii despre listele noastre de mail: http://www.lug.ro/ > > > > > > > > > > > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ > -- Attached file included as plaintext by Ecartis -- -- File: signature.asc -- Desc: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBAO0w4zEN+vLL1CukRAkgqAJ4v4DcWlzwn1kuGeG2M+J9cAtrlTQCgiWlG C+kR3W3yas9G7JKem5GovPg= =bKmy -----END PGP SIGNATURE----- --- Detalii despre listele noastre de mail: http://www.lug.ro/
