cu alte cuvinte libertatea ta este o libertate inutila care ocupa aiurea resurse. in alta ordine de idei ar fi frumos la iptables un ceva de genul -M(ove) [rulenum] [newposition]
On Tue, 2004-02-24 at 15:28, Radu Anghel wrote: > si cu ce te ajuta acea regula non-terminala daca 2 randuri mai jos va > face acelasi lucru? > sunt si eu de parere ca iptablesul ar trebui sa primeasca eroare de la > kernel cand vrei sa apendezi/inserezi o regula identica cu una existenta > si sa-ti zica ba gigele regula aia exista deja si daca nu-ti place > pozitionarea ei in chain da-i cu -D si pune-o mai sus/jos cum iti place > tie. > > > On Tue, 2004-02-24 at 15:21, Alin Nastac wrote: > > Ce legatura are LOG-ul cu libertatea mea de a avea mai multe reguli > > identice? Sint alte zeci de tipuri reguli non-terminale, incluzind cele > > fara -j. > > Oi fi si tu de parere ca iptables-ul ar trebui sa-mi dea peste mina > > atunci cind vreau sa apendez a doua regula identica cu una existenta! > > > > Nu mai vorbesc de supraincarcarea evidenta atunci cind creezi chain-uri > > cu sute/mii de reguli, doar pt ca tie iti place ca iptables-ul sa faca o > > verificare de 2 lei si 15 bani! Greselile care le fac administratorii > > sint departe de a fi atit de simple; in domeniul asta, iptables-ul nu > > poate sa ajute cu nimic, fiind un domeniu rezervat cunostintelor celui > > care seteaza acel chain. > > > > Si inca o data, -A inseamna append, nu "append if you don't find another > > similar rule". Punct. > > > > Radu Anghel wrote: > > > > >in cazul asta la tine toate regulile se termina cu -j LOG/RETURN? > > >nu toate regulile sunt "non-terminating" > > >daca pui 2 reguli cu -j LOG o sa matchuiasca pe amandoua > > >daca pui 2 reguli cu -j ACCEPT o sa matchuiasca doar prima > > >oricum nu vad utilitatea unui -j LOG pus de 2 ori in acelasi chain decat > > >daca vrei sa vezi acelasi mesaj de 2 ori. > > > > > >LOG > > >Turn on kernel logging of matching packets. When this option is set > > >for a rule, the Linux kernel will print some information on all match- > > >ing packets (like most IP header fields) via the kernel log (where it > > >can be read with dmesg or syslogd(8)). This is a "non-terminating tar- > > >get", i.e. rule traversal continues at the next rule. So if you want > > >to LOG the packets you refuse, use two separate rules with the same > > >matching criteria, first using target LOG then DROP (or REJECT). > > > > > > > > > > > >On Tue, 2004-02-24 at 14:52, Alin Nastac wrote: > > > > > > > > >>Nu zau? Adica toate regulile la tine se termina cu -j ACCEPT/DENY/DROP? > > >> > > >>Radu Anghel wrote: > > >> > > >> > > >> > > >>>daca in acelasi chain ai aceeasi regula pusa de 2 sau mai multe ori nu o > > >>>sa faca match decat pe prima -> restul sunt inutile > > >>> > > >>>On Tue, 2004-02-24 at 14:43, Alin Nastac wrote: > > >>> > > >>> > > >>> > > >>> > > >>>>Si eu cind o sa-ti spun ca iptables nu se da drept mai destept decit > > >>>>administratorul, cum crezi ca sint? > > >>>>De unde pina unde nu am voie sa am 2 sau mai multe reguli identice > > >>>>intr-un chain? > > >>>> > > >>>>Radu Radoveneanu wrote: > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>>>Alin Nastac said: > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>>>hahaha... ar putea sa-ti zica eventual RTFM!!! > > >>>>>> > > >>>>>>ca intotdeauna intr-un lant, pozitia e f. importanta; nu vad cum ar > > >>>>>>trebui sa-ti interpreteze prostia asta de comanda altfel decit ceea ce > > >>>>>>inseamna -A: "adauga regula asta la sfirsitul chain-ului". > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>super tare mosule, ce sa zic, m-ai dat peste cap > > >>>>>eventual daca o sa spun ca -A era un exemplu si ca eu doresc sa-mi dea o > > >>>>>eroare cand vreau sa adaug o regula deja existenta o sa-mi spui ca sunt > > >>>>>dobitoc si sa-mi dai si doua palme nu ? > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>--- > > >>>>Detalii despre listele noastre de mail: http://www.lug.ro/ > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>-- Attached file included as plaintext by Ecartis -- > > >>>-- File: signature.asc > > >>>-- Desc: This is a digitally signed message part > > >>> > > >>>-----BEGIN PGP SIGNATURE----- > > >>>Version: GnuPG v1.2.4 (GNU/Linux) > > >>> > > >>>iD8DBQBAO0hkzEN+vLL1CukRAm5IAJ4t758wDU93NYFJ36mPQ5I2VPFFuQCdEcKl > > >>>I6RWKrpJYVsrwloLNU87oJw= > > >>>=5gdC > > >>>-----END PGP SIGNATURE----- > > >>> > > >>> > > >>> > > >>>--- > > >>>Detalii despre listele noastre de mail: http://www.lug.ro/ > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >> > > >>--- > > >>Detalii despre listele noastre de mail: http://www.lug.ro/ > > >> > > >> > > >> > > > > > >-- Attached file included as plaintext by Ecartis -- > > >-- File: signature.asc > > >-- Desc: This is a digitally signed message part > > > > > >-----BEGIN PGP SIGNATURE----- > > >Version: GnuPG v1.2.4 (GNU/Linux) > > > > > >iD8DBQBAO0w4zEN+vLL1CukRAkgqAJ4v4DcWlzwn1kuGeG2M+J9cAtrlTQCgiWlG > > >C+kR3W3yas9G7JKem5GovPg= > > >=bKmy > > >-----END PGP SIGNATURE----- > > > > > > > > > > > >--- > > >Detalii despre listele noastre de mail: http://www.lug.ro/ > > > > > > > > > > > > > > > > > > > > --- > > Detalii despre listele noastre de mail: http://www.lug.ro/ > > > > -- Attached file included as plaintext by Ecartis -- > -- File: signature.asc > -- Desc: This is a digitally signed message part > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQBAO1GHzEN+vLL1CukRAlMqAKCTvD03dObtSPNeYaXEJQat27in2wCeOFGU > pUVUwkpisCGOQ+LepBJe7Kw= > =6lg1 > -----END PGP SIGNATURE----- > > > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ > -- Attached file included as plaintext by Ecartis -- -- File: signature.asc -- Desc: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBAO1QZzEN+vLL1CukRAi9RAJ4ipeokDaRxxkEl1pT4XwWEbMuiewCeLXqg iiANr3V8ye8mxUqW32zso1I= =/DGs -----END PGP SIGNATURE----- --- Detalii despre listele noastre de mail: http://www.lug.ro/
