Jason Opperisano wrote:
On Tue, 2004-10-05 at 13:23, Damjan wrote:
However I agree with you that netfilter is easier to use and has more
capabilities, I still can't believe that netfilter (iptables actually)
doesn't have a way to identify rules uniquely (via an ID). So simple
feature, so powerful, and still iptables doesn't have this.
And no, line numbers don't identify rules uniquely, they can change at
any moment.
check out the comment patch from POM.
-j
I feel obliged to add that wrongly configured proxy-arp devices can
bring havoc onto a network. I get a few cases a year where some network
devices had proxy-arp left on (we typically disable it on most devices)
and a routing error was made. The result in many devices is that the
device will start answering for IP addresses it has no actual ability
to communicate with, thereby effectively knocking that device off the
net. Just a warning that it can be nasty.