On Mon, 2011-06-06 at 23:35 +0200, Jan-Frode Myklebust wrote:
> On Mon, Jun 06, 2011 at 11:59:21AM -0400, seth vidal wrote:
> >
> > iptables-save has -c option and it appears it is defaulting to on your
> > system?
> >
> > take a look at the man page:
> > -c, --counters
> > include the current values of all packet and byte counters in
> > the output
>
> "iptables-save -c" gives me per rule counters as in:
>
> [21:1260] -A RH-Firewall-1-INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>
> this is not defaulting to on. The problem I have is that iptables-save
> (without -c) gives me the chain counters:
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [7568359:2744381371]
> :RH-Firewall-1-INPUT - [0:0]
>
> and OUTPUT ACCEPT is always changing. Also it gives the
> timestamps in commented out lines, which also is noise for
> func-inventory. So every host is daily adding something like
> the following:
>
> -# Generated by iptables-save v1.3.5 on Fri Jun 3 14:57:06 2011
> +# Generated by iptables-save v1.3.5 on Fri Jun 3 15:08:54 2011
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> -:OUTPUT ACCEPT [26377:4434694]
> +:OUTPUT ACCEPT [29222:4961577]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> @@ -22,4 +22,4 @@
> -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "FIREWALL: " --log-level 6
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> -# Completed on Fri Jun 3 14:57:06 2011
> +# Completed on Fri Jun 3 15:08:54 2011
>
>
> > b/c it seems to be behaving on mine.
>
> You're not seeing these timestamps or counters ?

I see the timestamps - I have no problem with that part of your patch.

I don't see the counters.

-sv

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
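
Added example, not part of the thread and not the func patch under discussion: one way to strip the volatile fields described above (the timestamp comment lines, the chain counters, and the per-rule counters that -c adds) before a firewall snapshot is stored or diffed, so that only real rule changes show up. The function names and the sample snapshots are constructed for illustration.

```python
import re

# Chain policy line, e.g. ":OUTPUT ACCEPT [7568359:2744381371]"
CHAIN_RE = re.compile(r"^(:\S+\s+\S+)\s+\[\d+:\d+\]\s*$")
# Per-rule counter prefix written by "iptables-save -c", e.g. "[21:1260] -A ..."
RULE_COUNTER_RE = re.compile(r"^\[\d+:\d+\]\s+(?=-A\s)")
# Timestamp comments: "# Generated by iptables-save ..." and "# Completed on ..."
STAMP_RE = re.compile(r"^#\s*(Generated by iptables-save\b|Completed on\b)")


def normalize_iptables_save(text):
    """Return iptables-save output with timestamps and counters removed."""
    out = []
    for line in text.splitlines():
        line = line.rstrip()
        if STAMP_RE.match(line):
            continue                          # drop volatile comment lines
        m = CHAIN_RE.match(line)
        if m:
            line = m.group(1) + " [0:0]"      # keep chain and policy, zero counters
        else:
            line = RULE_COUNTER_RE.sub("", line)  # drop "-c" per-rule counters
        out.append(line)
    return "\n".join(out) + "\n"


def ruleset_changed(old, new):
    """True only when the rules or policies differ, not the counters."""
    return normalize_iptables_save(old) != normalize_iptables_save(new)


# Constructed sample snapshots (shortened; same shape as the output quoted above).
SNAP_A = """# Generated by iptables-save v1.3.5 on Fri Jun 3 14:57:06 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26377:4434694]
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Fri Jun 3 14:57:06 2011
"""
# Later snapshot of the same rules, taken with -c: new timestamps and counters.
SNAP_B = (SNAP_A.replace("14:57:06", "15:08:54")
                .replace("[26377:4434694]", "[29222:4961577]")
                .replace("-A INPUT -i lo", "[21:1260] -A INPUT -i lo"))
# Snapshot with a real rule change on top of the counter noise.
SNAP_C = SNAP_B.replace("-i lo -j ACCEPT", "-i lo -j DROP")

if __name__ == "__main__":
    print(ruleset_changed(SNAP_A, SNAP_B), ruleset_changed(SNAP_A, SNAP_C))
```
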