How fast is a rule append?

hello :)


We have a script which is doing the following, but the NTP client fails:


        /bin/iptables -A SystemOut -p udp --sport 1024:65535 --dport 123 -j ACCEPT
        /bin/msntp -r -x $TIME_UPDATE -f /var/run/msntp.save -F $PIDFILE $TIMESERVER


If we change the script like this, it works pretty well:

        /bin/iptables -A SystemOut -p udp --sport 1024:65535 --dport 123 -j ACCEPT
        /bin/sleep 1
        /bin/msntp -r -x $TIME_UPDATE -f /var/run/msntp.save -F $PIDFILE $TIMESERVER

As you can see, the LOG is matched, but the same "accept" rule (recently added)
has not matched (counter 0).
Any ideas?

best regards
  Robert & Markus

----- log ------
user.info msntp: [3215]: msntp started
daemon.warn klogd: IN= OUT=eth1 SRC=10.20.10.177 DST=195.13.1.153 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1028 DPT=123 LEN=56
daemon.warn klogd: seen IN= OUT=eth1 SRC=10.20.10.177 DST=195.13.1.153 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1028 DPT=123 LEN=56
user.err msntp: [3215]: unable to send NTP packet
user.err msntp: [3215]: Operation not permitted
user.notice init.d: ntp: started
------- end log -------
+bash-2.05# iptables -vnL SystemOut
Chain SystemOut (1 references)
 pkts bytes target     prot opt in     out     source               destination
    9   684 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:123 LOG flags 0 level 4 prefix `seen '
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpt:123


------------------
Epygi Labs DE           |  Herrenstraße 23
Robert Allmeroth        |  76133 Karlsruhe
Tel: +49 721 20596 43   |  Fax: +49 721 20596 59



