And how does that non-terminating rule help you if two lines further down it will do the same thing? I too am of the opinion that iptables should get an error from the kernel when you want to append/insert a rule identical to an existing one, and tell you: hey buddy, that rule already exists, and if you don't like its position in the chain, use -D and put it higher/lower as you like.

On Tue, 2004-02-24 at 15:21, Alin Nastac wrote:
> What does LOG have to do with my freedom to have several identical rules? There are dozens of other kinds of non-terminating rules, including those without -j.
> I suppose you too are of the opinion that iptables should slap my hand when I want to append a second rule identical to an existing one!
>
> Not to mention the obvious overhead when you create chains with hundreds/thousands of rules, just because you like iptables to do a two-bit check! The mistakes administrators make are far from being that simple; in this area iptables cannot help with anything, it being a domain reserved for the knowledge of whoever sets up that chain.
>
> And once again, -A means append, not "append if you don't find another similar rule". Period.
>
> Radu Anghel wrote:
>
> >in that case, do all your rules end with -j LOG/RETURN?
> >not all rules are "non-terminating"
> >if you put 2 rules with -j LOG it will match on both
> >if you put 2 rules with -j ACCEPT it will match only the first
> >anyway I don't see the use of a -j LOG placed twice in the same chain unless you want to see the same message twice.
> >
> >LOG
> >Turn on kernel logging of matching packets. When this option is set
> >for a rule, the Linux kernel will print some information on all matching
> >packets (like most IP header fields) via the kernel log (where it
> >can be read with dmesg or syslogd(8)). This is a "non-terminating target",
> >i.e. rule traversal continues at the next rule. So if you want
> >to LOG the packets you refuse, use two separate rules with the same
> >matching criteria, first using target LOG then DROP (or REJECT).
> >
> >On Tue, 2004-02-24 at 14:52, Alin Nastac wrote:
> >
> >>Oh really? So all your rules end with -j ACCEPT/DENY/DROP?
> >>
> >>Radu Anghel wrote:
> >>
> >>>if in the same chain you have the same rule placed 2 or more times it will only match on the first -> the rest are useless
> >>>
> >>>On Tue, 2004-02-24 at 14:43, Alin Nastac wrote:
> >>>
> >>>>And when I tell you that iptables doesn't pretend to be smarter than the administrator, what do you think that makes me?
> >>>>Since when am I not allowed to have 2 or more identical rules in a chain?
> >>>>
> >>>>Radu Radoveneanu wrote:
> >>>>
> >>>>>Alin Nastac said:
> >>>>>
> >>>>>>hahaha... it could perhaps tell you RTFM!!!
> >>>>>>
> >>>>>>as always in a chain, position is very important; I don't see how it should interpret this stupid command of yours other than as what -A means: "add this rule at the end of the chain".
> >>>>>>
> >>>>>super cool, old man, what can I say, you've blown my mind
> >>>>>I suppose if I say that -A was an example and that I want it to give me an error when I try to add an already existing rule, you'll tell me I'm an idiot and give me two slaps as well, right?

---
Details about our mailing lists: http://www.lug.ro/
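
The disagreement above turns on what a repeated rule does: after a terminating target only the first copy is ever hit, while a repeated LOG rule fires twice. The script below is an added example, not part of the original thread; it audits `iptables-save` output for identical rules in the same chain, and the function name `find_dup_rules`, the verdict labels and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag identical rules within one chain.
# SAMPLE_RULES is a constructed ruleset in iptables-save format.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "ssh: "
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "ssh: "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# find_dup_rules: read iptables-save text on stdin; for every repeated rule
# print "<chain> <first-pos> <dup-pos> <verdict> <rule>".
# Verdicts (hypothetical labels) look only at the duplicate itself, not at
# the rules that sit between the two copies:
#   shadowed       terminating target, the first copy already took the packet
#   runs-again     non-terminating (LOG-like or no -j), so it fires twice
#   stateful-match match keeps its own state, copies may behave differently
#   check-target   user chain or other target, needs a human look
find_dup_rules() {
    awk '
    $1 != "-A" { next }              # skip table, policy and COMMIT lines
    {
        chain = $2; pos[chain]++
        # The key is the whole line, so the chain name is part of it.
        if (!($0 in first)) { first[$0] = pos[chain]; next }
        target = ""
        for (i = 3; i < NF; i++)
            if ($i == "-j") { target = $(i + 1); break }
        if ($0 ~ / -m (limit|hashlimit|statistic|recent|quota) /)
            verdict = "stateful-match"
        else if (target ~ /^(ACCEPT|DROP|REJECT)$/)
            verdict = "shadowed"
        else if (target ~ /^(LOG|ULOG|NFLOG)$/ || target == "")
            verdict = "runs-again"
        else
            verdict = "check-target"
        printf "%s %d %d %s %s\n", chain, first[$0], pos[chain], verdict, $0
    }'
}

printf '%s\n' "$SAMPLE_RULES" | find_dup_rules
```

On a live host the "append only if absent" behaviour asked for in the thread can be had in userspace with `iptables -C <rule> || iptables -A <rule>`, since `-C` (check) exits non-zero when no matching rule exists.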
