On Fri, 4 Jul 2003 13:01:14 -0400, John Meagher wrote:

> [root@xxxxxxxxx sysconfig]# iptables -L

You'll find that the output of "iptables-save" is much more readable and complete. If I had to use "iptables -L", I would add option "-v" (--verbose). But iptables-save is great.

> 1) Why does Lokkit put that first rule in there? And since it's there,
> why doesn't it work?
> Shouldn't it cause the rest of the rules to be ignored?

"iptables -L" usually does not include enough details.

> 2) Why does a second, identical rule get honored, (i.e. the firewall is
> opened up)
> if I add it with "iptables -I RH-Lokkit-0-50-INPUT 1 -j ACCEPT"

This may be a completely different rule.

> 3) Lokkit uses options -p udp -m udp in the rules it puts in
> /etc/sysconfig/iptables.
> What's the -m option? There was a -m for mark in ipchains, but that
> doesn't seem relevant.

-m is short for --match, see "man iptables", MATCH EXTENSIONS.
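
An added example, not part of the original message: a small audit over iptables-save output that finds ACCEPT rules whose only match is an interface. Plain "iptables -L" has no interface column unless "-v" is given, so such a rule is listed the same way as an unconditional ACCEPT. The sample ruleset is constructed for illustration and is not the poster's; only the chain name comes from the thread.

```python
import shlex
import sys

# Interface matches: plain "iptables -L" omits them, "-v" and iptables-save show them.
IFACE_OPTS = {"-i": "in", "--in-interface": "in", "-o": "out", "--out-interface": "out"}

# Constructed sample in iptables-save format (assumption, not the poster's real ruleset).
SAMPLE = """\
*filter
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Split one '-A <chain> ...' line into chain, interface matches, other matches, target."""
    tok = shlex.split(line)
    rule = {"chain": tok[1], "iface": [], "other": [], "target": None}
    i, neg = 2, ""
    while i + 1 < len(tok):
        opt, val = tok[i], tok[i + 1]
        if opt == "!" and val in IFACE_OPTS:
            neg, i = "!", i + 1          # negated interface match: "! -i eth0"
        elif opt in IFACE_OPTS:
            rule["iface"].append((IFACE_OPTS[opt], neg + val))
            neg, i = "", i + 2
        elif opt in ("-j", "--jump"):
            rule["target"] = val
            break                        # what follows the target are target options
        else:
            rule["other"].append(opt)    # -p, -s, -d, -m and their arguments
            i += 1
    return rule

def audit(text):
    """Return (rule line, scope) for ACCEPT rules that plain 'iptables -L' shows unrestricted."""
    findings = []
    for line in text.splitlines():
        if line.startswith("-A "):
            rule = parse_rule(line)
            if rule["target"] == "ACCEPT" and not rule["other"]:
                scope = ", ".join(f"{d}={n}" for d, n in rule["iface"]) or "unconditional"
                findings.append((line, scope))
    return findings

if __name__ == "__main__":
    for line, scope in audit(SAMPLE if sys.stdin.isatty() else sys.stdin.read()):
        print(f"{scope:15} {line}")
```

To check a live ruleset, pipe the output of iptables-save into the script; any line reported as "unconditional" accepts every packet that reaches it.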