On Mon, Jun 06, 2011 at 05:53:18PM -0400, seth vidal wrote: > > > b/c it seems to be behaving on mine. > > > > You're not seeing these timestamps or counters ? > > I see the timestamps - I have no problem with that part of your patch. > > I don't see the counters. > Strange.. anybody else on this list care to chime in? Is it really just me? AFAIK we're running with quite standard RHEL5/6 iptables configs.. RHEL5: ---------------------------------------------- # /sbin/iptables-save # Generated by iptables-save v1.3.5 on Tue Jun 7 00:04:37 2011 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [7617151:2762434660] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p esp -j ACCEPT -A RH-Firewall-1-INPUT -p ah -j ACCEPT -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Tue Jun 7 00:04:37 2011 # grep -v ^# /etc/sysconfig/iptables-config |grep -v ^$ IPTABLES_MODULES="ip_conntrack_netbios_ns" IPTABLES_MODULES_UNLOAD="yes" IPTABLES_SAVE_ON_STOP="no" IPTABLES_SAVE_ON_RESTART="no" IPTABLES_SAVE_COUNTER="no" IPTABLES_STATUS_NUMERIC="yes" IPTABLES_STATUS_VERBOSE="no" IPTABLES_STATUS_LINENUMBERS="yes" ---------------------------------------------- RHEL6 ---------------------------------------------- # iptables-save # Generated by iptables-save v1.4.7 on Tue Jun 7 00:03:26 2011 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [573260:64263533] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 192.168.11.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Tue Jun 7 00:03:26 2011 # grep -v ^# /etc/sysconfig/iptables-config |grep -v ^$ IPTABLES_MODULES="" IPTABLES_MODULES_UNLOAD="yes" IPTABLES_SAVE_ON_STOP="no" IPTABLES_SAVE_ON_RESTART="no" IPTABLES_SAVE_COUNTER="no" IPTABLES_STATUS_NUMERIC="yes" IPTABLES_STATUS_VERBOSE="no" IPTABLES_STATUS_LINENUMBERS="yes" ---------------------------------------------- -jf _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
