[lug] fc and iptables

Kevin Fenzi kevin at scrye.com
Mon Sep 18 22:25:00 MDT 2006


>>>>> "D" == D Stimits <stimits at comcast.net> writes:

D> This is an offshoot of trying to get DHCP to work on a backup
D> machine...have not yet been able to try some of the other things,
D> although I was able to install outside drivers to at least make the
D> realtek ethernet show up.

D> I'm wondering about the notation in fedora/redhat style
D> /etc/sysconfig/iptables file. There is an abbreviation by which it
D> abstracts naming of inputs. For example:
D> :INPUT ACCEPT [0:0]
D> :FORWARD ACCEPT [0:0]
D> :OUTPUT ACCEPT [0:0]
D> :LOOP-INPUT - [0:0]

D> I'm interested in the "[0:0]" notation. If I have more than 1 NIC,
D> or aliases of a NIC, can I use this to differentiate between them?

no.

D> If so, would 0:0 stand for the main non-alias interface of the
D> first NIC? Would 1:0 stand for the main non-aliased interface of
D> the 2nd NIC? Or would 0:1 stand for the first aliased interface of
D> the first NIC? I can see quite a potential for customizing based on
D> this, if there is that much fine control over it. For the moment
D> I'm just interested in making sure DHCP is allowed on one NIC but
D> not another...or on one IP alias of a NIC and not the other aliased
D> IP.

Nope. Those two values are packet and byte counts for things that have
matched that rule/chain.

This is so you can save off the exact state if you use the packet/byte
counters for billing or something.

See /etc/sysconfig/iptables-config and the:

IPTABLES_SAVE_COUNTER

variable for whether it saves those values or not.

kevin
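As an added illustration (not part of Kevin's mail or of Fedora's tooling), a small parser for the iptables-save format that reads the `[packets:bytes]` pair from the `:CHAIN POLICY [p:b]` lines and from rules saved with counters, so it is clear the bracketed values are accumulated counts and not an interface index. The input is a constructed sample with made-up counter values; the `-i eth0` / `-i eth1` rules are there only to show where per-interface handling of DHCP actually lives (the rule's match options).

```python
import re

# Constructed iptables-save style dump (values invented), as written when
# counters are kept (IPTABLES_SAVE_COUNTER=yes, i.e. iptables-save -c).
SAMPLE = """\
# Generated by iptables-save v1.3.5 on Mon Sep 18 22:00:00 2006
*filter
:INPUT ACCEPT [1532:204118]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1498:189002]
:LOOP-INPUT - [0:0]
[40:13120] -A INPUT -i eth0 -p udp --dport 67:68 -j ACCEPT
[0:0] -A INPUT -i eth1 -p udp --dport 67:68 -j DROP
[7:560] -A INPUT -j LOOP-INPUT
COMMIT
# Completed on Mon Sep 18 22:00:00 2006
"""

# ":NAME POLICY [packets:bytes]" -- policy is "-" for user-defined chains.
CHAIN_RE = re.compile(r'^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$')
# "[packets:bytes] -A CHAIN ..." -- the per-rule counters when saved with -c.
RULE_RE = re.compile(r'^\[(\d+):(\d+)\]\s+(-A\s+(\S+).*)$')


def parse_iptables_save(text):
    """Return (chains, rules): chains maps name -> policy/packets/bytes,
    rules is an ordered list of dicts with chain, packets, bytes, rule."""
    chains, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in '#*' or line == 'COMMIT':
            continue  # comments, table header (*filter) and COMMIT
        m = CHAIN_RE.match(line)
        if m:
            chains[m.group(1)] = {'policy': m.group(2),
                                  'packets': int(m.group(3)),
                                  'bytes': int(m.group(4))}
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append({'chain': m.group(4), 'packets': int(m.group(1)),
                          'bytes': int(m.group(2)), 'rule': m.group(3)})
    return chains, rules


def zero_counters(text):
    """Rewrite every [p:b] pair to [0:0], which is what a dump looks like
    when counters are not saved (IPTABLES_SAVE_COUNTER=no)."""
    return re.sub(r'\[\d+:\d+\]', '[0:0]', text)


def rules_with_hits(rules):
    """Rules whose packet counter is non-zero, i.e. that matched traffic."""
    return [r for r in rules if r['packets'] > 0]
```

Running it on a real `iptables-save -c` dump lets you see which chains and rules have actually matched traffic since the counters were last reset.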