On Monday 2011-12-05 16:44, Michal Kubeček wrote:
>On Monday 05 of December 2011 16:26EN, U.Mutlu wrote:
>> I have in my script these statements:
>>   iptables -A INPUT -i lo -j ACCEPT
>>   iptables -A OUTPUT -o lo -j ACCEPT
>>
>> When doing "iptables -L -n" then the above gets shown as this:
>>   ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>
>> IMHO, this could easily be misinterpreted if one looks
>> only at the iptables output, because the crucial info,
>> ie. that it applies to the "lo" device only, is missing...
>
>Output of "iptables -L" doesn't show -i and -o matches by default. If
>you want to see them, use "-v" option.

Let's start a vote (of sorts) for getting rid of -L. Yes, it'll break
people's oh-so-sacred scripts. But heck, you can't reasonably parse
it anyway.
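
Added example, not part of the original thread: a ruleset audit that separates the loopback-only ACCEPT rules discussed above from a genuinely unconditional ACCEPT, which look identical in plain "iptables -L -n". It assumes input in the rule-spec format printed by `iptables -S`; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` rule-spec format (not from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
EOF
}

# Read rule specs on stdin and report every ACCEPT rule that plain
# "iptables -L -n" would print as "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0":
#   unconditional <chain>          no match at all
#   iface-only <chain> <matches>   restricted only by -i/-o, hidden without -v
classify_accepts() {
    awk '
    $1 == "-A" {
        chain = $2; target = ""; iface = ""; neg = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = "! "; continue }
            if ($i == "-j") { target = $(i + 1); i++ }
            else if ($i == "-i" || $i == "-o") {
                iface = iface " " neg $i " " $(i + 1); i++
            }
            else other = 1      # protocol, address or extension match
            neg = ""
        }
        if (target != "ACCEPT" || other) next
        if (iface == "") print "unconditional " chain
        else print "iface-only " chain iface
    }'
}

sample_rules | classify_accepts
```

On a live system the same function can be fed with `iptables -S | classify_accepts`; any "unconditional" line is a rule that really does accept all traffic on that chain.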