Re: iptables port forwarding

On Tuesday, June 28, 2011 05:22 PM, Ljubomir Ljubojevic wrote:
Christopher Chan wrote:
Er, you are not making much sense here. John posts that -v is needed
to not get the 'digested result' but the 'full result' and then you go
off on a branch about iptables-save. Oh, I still don't see what
difference there is between iptables -nv -L ${table} and
iptables-save. iptables-save sounds more like the 'nice presentation
of used rules' according to the man page.

Then please tell some noob to just copy a rule from iptables -nv -L
${table}. And good luck with that.

Go on, be snide. The OP had no problem pasting /sbin/iptables -L


[snip]
Strawman argument. Who needs to see the actual rules in
/etc/sysconfig/iptables for 'creating the firewall' when you are just
going to overwrite it with a working set by running 'service iptables
save'? Or rather, both iptables -nv -L and iptables-save will provide
you the actual rules but just presented differently.

Exactly the point. One will show you *what* is being done, and the other
*how* it's being done. Not the same. Like it's not the same to use a
compiled program to explain where the error in the source code is.


That sounds hilarious. Your comparison does not even match. There is no 'what' or 'how' differences. It is all 'what' just presented differently.



I started wrestling with iptables rules in 2005 when I started working
as networking admin and had to solve some very hard problems including
policy routing, marking packets in the right order, etc. Since then I have gained a
lot of experience in helping others (on several forum sites) understand
what they have and what they need to add/remove/change.

What's this? Get off your high horse. I have worked with ipchains,
gone through the differences between netfilter and ipchains, messed
with ipset due to the potential thousands of rules needed to be loaded
but ultimately had to give up due to the instability of ipset, done
iproute2 for multiple routing tables, done traffic shaping, done pf on
OpenBSD, done ipfw on Solaris and John R Pierce probably has more
experience than I do. You have arrived late to the party.

Knowing how to do something and finding the best path to extract info from
a noob person and explaining to him what exactly to do are totally different
things. But whatever, I do not have the time and will to argue about
irrelevant stuff with a heap of work on my schedule.


Oh, so are you saying that you cannot understand the output of iptables -nv -L? I mean, cor, it must make such a big deal to a noob person when he is asked to paste the output of 'iptables-save' versus 'iptables -nv -L; iptables -nv -L nat; iptables -nv -L mangle'. Don't let me get in the way of your big pile of work.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
