On 08 May 2003 10:34:41 -0500, Alejandro González Hernández - Imoq wrote:

> > Packet and byte counters, saved by "iptables-save -c", see bug
> > #87715. I would also prefer if they were not saved and restored,
> > especially not after reboot.
>
> Do you think that it is better, then, to change all those numbers by
> [0:0]? Especially in the rules... is there anything this could affect my
> firewall?

No, it is not a matter of "better or worse". It doesn't affect your
firewall either. It is a matter of what makes more sense, e.g. during
debugging your set of rules.

After reboot or after reloading the rules with "service iptables
restart", have a look at "verbose output" like "iptables -L -v". There
you will see the packet/byte counts. Since the counts are loaded with
what is found in /etc/sysconfig/iptables, they are never reset to zero.
But based on packet/byte statistics you can see which of your rules
catch any traffic and how much they catch. Very useful if a newly loaded
set of rules starts with packet/byte counts set to zero.

The work-around is to edit /etc/init.d/iptables and drop the "-c" option
from all calls to "iptables-save" and "iptables-restore".
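The counter fields discussed in this thread, as an added example that is not part of the original message: shell functions that reset every `[packets:bytes]` pair in an `iptables-save -c` style dump to `[0:0]`, and that list the rules whose saved counters show traffic. The function names and the sample dump are constructed for illustration; the functions filter text on stdin and do not touch /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Constructed sample in the "iptables-save -c" layout: chain policy lines
# carry a trailing [packets:bytes], rule lines carry a leading one.
SAMPLE_DUMP='*filter
:INPUT DROP [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [987:65432]
[120:9600] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[45:2700] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# zero_counters (hypothetical helper): rewrite both counter positions to
# [0:0] and leave table headers, rule text and COMMIT untouched.
zero_counters() {
    sed -E \
        -e 's/^\[[0-9]+:[0-9]+\] /[0:0] /' \
        -e 's/^(:[^ ]+ [^ ]+) \[[0-9]+:[0-9]+\]$/\1 [0:0]/'
}

# rules_with_hits (hypothetical helper): print only the rule lines whose
# saved packet count is non-zero, i.e. rules that matched traffic.
rules_with_hits() {
    awk '/^\[[0-9]+:[0-9]+\] / {
        split(substr($1, 2, length($1) - 2), c, ":")
        if (c[1] + 0 > 0) print
    }'
}

# Demonstration on the constructed sample.
echo "Rules that matched traffic in the saved dump:"
printf '%s\n' "$SAMPLE_DUMP" | rules_with_hits
echo "Dump with counters reset:"
printf '%s\n' "$SAMPLE_DUMP" | zero_counters
```

A dump filtered through `zero_counters` loads with every count at zero even when the restore still uses "-c", so the first "iptables -L -v" after a reload reflects only new traffic.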