Re: iptables port forwarding




On Tuesday, June 28, 2011 04:05 PM, Ljubomir Ljubojevic wrote:
Christopher Chan wrote:
On Tuesday, June 28, 2011 02:38 AM, Ljubomir Ljubojevic wrote:
John R Pierce wrote:
On 06/27/11 10:43 AM, Ljubomir Ljubojevic wrote:
note that doesn't show all the pertinent info. I prefer `iptables -L -vn`,
and it still doesn't show the nat tables, you also need
`iptables -L -vn -t nat` to see those chains, and `iptables -L -vn -t mangle`
if you're using any mangle entries.

iptables-save is designed for iptables output.

sure, for saving to the startup scripts.... the commands I listed
above were to display the tables with full info... Without the -v
flag, -L only shows part of the important stuff.

iptables-save man:

DESCRIPTION:
iptables-save is used to dump the contents of an IP Table in easily
parseable format to STDOUT. Use I/O-redirection provided by your shell
to write to a file.


You seem to have a problem understanding what John is saying. When you
add the v flag, iptables will also report in/out interfaces so that
you don't have to guess when you are trying to fix up the rules on the
spot and not by editing some file.


My point should have been that listing the digested result with "iptables
-L..." is not what we needed from the OP. In order to help him solve his
problem, he needed to output his *rules*, not a "nice presentation of
used rules".

Er, you are not making much sense here. John posts that -v is needed to not get the 'digested result' but the 'full result' and then you go off on a branch about iptables-save. Oh, I still don't see what difference there is between iptables -nv -L ${table} and iptables-save. iptables-save sounds more like the 'nice presentation of used rules' according to the man page.



With iptables-save he/we could see actual rules used for creating Fedora
and CentOS firewall, so he/we can use that output to suggest exact rules
he needs.

Strawman argument. Who needs to see the actual rules in /etc/sysconfig/iptables for 'creating the firewall' when you are just going to overwrite it with a working set by running 'service iptables save'? Or rather, both iptables -nv -L and iptables-save will provide you the actual rules but just presented differently.



I started wrestling with iptables rules in 2005 when I started working
as a networking admin and had to solve some very hard problems, including
policy routing, marking packets in the right order, etc. Since then I have
gained a lot of experience in helping others (on several forum sites)
understand what they have and what they need to add/remove/change.

What's this? Get off your high horse. I have worked with ipchains, gone through the differences between netfilter and ipchains, messed with ipset due to the potential thousands of rules needed to be loaded but ultimately had to give up due to the instability of ipset, done iproute2 for multiple routing tables, done traffic shaping, done pf on OpenBSD, done ipfw on Solaris and John R Pierce probably has more experience than I do. You have arrived late to the party.



With iptables-save you get reusable output and all you need to do is to
say "used this, this, and that rule, change that one and remove that
one, and it should work", so there is no chance of making an error in
converting (retyping) iptables -L to actual rules already provided with
iptables-save.


Hahaha, the OP still managed to mistype the instructions he was given; I somehow doubt that fixing up iptables-save output for him will make any difference.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
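The thread turns on the difference between the `iptables -L -vn -t <table>` listings and the `iptables-save` dump. The dump is the machine-readable one: each table is a `*name` ... `COMMIT` block, `:CHAIN POLICY [counters]` lines declare chains, and `-A` lines are the rules verbatim, which is why they can be handed straight back as commands. The following Python is an added example written for this page, not code from the thread or from the iptables project; it parses a constructed sample dump (not anyone's real firewall), re-emits every rule as an `iptables` command line, picks out the DNAT port forwards the thread's subject is about, and applies the one check that most often explains a "port forward doesn't work" report: whether the filter table's FORWARD chain will actually let the translated traffic through.

```python
"""Parse iptables-save output into tables, chains and rules (added example).

SAMPLE_DUMP is a constructed sample written for this example, not output
captured from any real host.
"""
import shlex
from dataclasses import dataclass

SAMPLE_DUMP = """\
# Generated by iptables-save (constructed sample for this example)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""


@dataclass
class Rule:
    table: str
    chain: str
    args: list          # the tokens that followed "-A <chain>" in the dump

    def option(self, flag):
        """Value following a flag such as -i, -p, -j or --dport; None if absent."""
        for i, tok in enumerate(self.args[:-1]):
            if tok == flag:
                return self.args[i + 1]
        return None

    def as_command(self):
        """Re-emit the rule as a reusable iptables command line."""
        return " ".join(["iptables", "-t", self.table, "-A", self.chain] + self.args)


def parse_iptables_save(text):
    """Return {table: {"chains": {name: policy}, "rules": [Rule, ...]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):          # comments and blank lines
            continue
        if line.startswith("*"):                      # "*nat": start of a table block
            current = line[1:]
            tables[current] = {"chains": {}, "rules": []}
        elif line == "COMMIT":                        # end of the table block
            current = None
        elif current is None:
            raise ValueError("line outside a table block: %r" % line)
        elif line.startswith(":"):                    # ":INPUT ACCEPT [0:0]"
            name, policy = line[1:].split()[:2]       # policy is "-" for user-defined chains
            tables[current]["chains"][name] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)                # shlex keeps quoted --log-prefix values intact
            tables[current]["rules"].append(Rule(current, tokens[1], tokens[2:]))
        else:
            raise ValueError("unrecognised line: %r" % line)
    return tables


def port_forwards(tables):
    """The DNAT rules in nat/PREROUTING, i.e. the port forwards."""
    found = []
    for r in tables.get("nat", {"rules": []})["rules"]:
        if r.chain == "PREROUTING" and r.option("-j") == "DNAT":
            found.append({"in": r.option("-i"), "proto": r.option("-p"),
                          "dport": r.option("--dport"), "to": r.option("--to-destination")})
    return found


def forward_allowed(tables, fwd):
    """True if filter/FORWARD lets the translated traffic through: the chain's
    policy is ACCEPT, or an ACCEPT rule matches the DNAT target address/port."""
    filt = tables.get("filter")
    if filt is None or filt["chains"].get("FORWARD", "ACCEPT") == "ACCEPT":
        return True
    ip, _, port = fwd["to"].partition(":")
    for r in filt["rules"]:
        if r.chain != "FORWARD" or r.option("-j") != "ACCEPT":
            continue
        if r.option("-d") in (None, ip, ip + "/32") and r.option("--dport") in (None, port or None):
            return True
    return False


def to_commands(tables):
    """Every rule as an iptables command, in the order iptables-save emitted them."""
    return [r.as_command() for t in tables.values() for r in t["rules"]]


if __name__ == "__main__":
    parsed = parse_iptables_save(SAMPLE_DUMP)
    for fwd in port_forwards(parsed):
        print(fwd, "-> FORWARD allows it:", forward_allowed(parsed, fwd))
    print("\n".join(to_commands(parsed)))
```

The `forward_allowed` check is deliberately simple (it does not evaluate `-i`/`-o` interface constraints or negated matches), which is enough to flag the classic case of a DNAT rule in the nat table with a FORWARD chain whose policy is DROP and no matching ACCEPT rule. Run against a real dump with `iptables-save | python3 this_script.py` after swapping `SAMPLE_DUMP` for `sys.stdin.read()`.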
