Re: bug in iptables-restore and "recent" module

On Tue, 17 Feb 2015 12:12:30 +0100
Dennis Jacobfeuerborn <dennisml@xxxxxxxxxxxx> wrote:

> > As -t does not commit the tables to the kernel, I do not expect it
> > to detect errors related to the kernel configuration. So I do not
> > see any bug in your description, it sounds like expected behaviour
> > to me. Where do you see a bug in that behaviour ?
> 
> This should probably be mentioned in the man page. Most people would
> think that if the ruleset passes a test with -t this means the ruleset
> can be activated. Which part specifically of the mentioned rule is it
> that cannot be tested without the rule being committed in the kernel?

--hitcount

Default is 20 and when --hitcount exceeds this value, "iptables-restore
-t" approves the syntax but the kernel does not accept this value.

R.

-- 
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
+------------------------------------------------------------------+
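
A pre-flight check for the gap described above, as an added example that is not part of the original message or of iptables: it scans a ruleset in iptables-save format for --hitcount values above the limit before the file is handed to iptables-restore. The function name check_hitcount is hypothetical; the default limit of 20 is the value given in the thread, and the idea that the running kernel's limit is xt_recent's ip_pkt_list_tot module parameter is an assumption.

```shell
#!/bin/sh
# Added example: catch --hitcount values that "iptables-restore -t" accepts
# but the kernel refuses when the ruleset is actually committed.

# check_hitcount RULES_FILE [LIMIT]
#   RULES_FILE  ruleset in iptables-save format
#   LIMIT       largest --hitcount the kernel accepts; defaults to 20, the
#               value stated in the thread. Pass your kernel's own limit if
#               it differs (assumption: xt_recent's ip_pkt_list_tot).
# Prints one line per offending rule: "line N: hitcount V > LIMIT".
# Returns 0 when every rule fits, 1 when at least one does not.
check_hitcount() {
    rules=$1
    limit=${2:-20}
    awk -v limit="$limit" '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }          # comment lines carry no rules
        {
            # iptables-save writes the option and its value as two fields
            for (i = 1; i < NF; i++)
                if ($i == "--hitcount" && $(i + 1) + 0 > limit + 0) {
                    printf "line %d: hitcount %d > %d\n", NR, $(i + 1), limit
                    bad = 1
                }
        }
        END { exit bad }
    ' "$rules"
}

# Typical use (rules.v4 is a placeholder file name):
#   check_hitcount rules.v4 && iptables-restore -t < rules.v4
```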