On Thu, 2003-05-08 at 12:06, Michael Schwendt wrote: > No, it is not a matter of "better or worse". It doesn't affect your > firewall either. It is a matter of what makes more sense, e.g. > during debugging your set of rules. After reboot or after reloading > the rules with "service iptables restart", have a look at "verbose > output" like "iptables -L -v". There you will see the packet/byte > counts. Since the counts are loaded with what is found in > /etc/sysconfig/iptables, they are never reset to zero. But based on > packet/byte statistics you can see which of your rules catch any > traffic and how much they catch. Very useful if a newly loaded set > of rules starts with packet/byte counts set to zero. Thanks for the great explanation! I now understand it completely. Alex. -- ¡Sé libre, usa software libre! Be free, use free software! http://www.imoqland.com/
