Christopher Chan wrote:
Er, you are not making much sense here. John posts that -v is needed to not get the 'digested result' but the 'full result' and then you go off on a branch about iptables-save. Oh, I still don't see what difference there is between iptables -nv -L ${table} and iptables-save. iptables-save sounds more like the 'nice presentation of used rules' according to the man page.
Then please tell some noob to just copy a rule from iptables -nv -L ${table}. And good luck with that.
[snip]
Strawman argument. Who needs to see the actual rules in /etc/sysconfig/iptables for 'creating the firewall' when you are just going to overwrite it with a working set by running 'service iptables save'? Or rather, both iptables -nv -L and iptables-save will provide you the actual rules but just presented differently.
Exactly the point. One will show you *what* is being done, and the other *how* it's being done. Not the same. Like it's not the same to use a compiled program to explain where the error in the source code is.
I started wrestling with iptables rules in 2005 when I started working as a networking admin and had to solve some very hard problems including policy routing, marking packets in the right order, etc. Since then I have gained a lot of experience in helping others (on several forum sites) understand what they have and what they need to add/remove/change.
What's this? Get off your high horse. I have worked with ipchains, gone through the differences between netfilter and ipchains, messed with ipset due to the potential thousands of rules needed to be loaded but ultimately had to give up due to the instability of ipset, done iproute2 for multiple routing tables, done traffic shaping, done pf on OpenBSD, done ipfw on Solaris and John R Pierce probably has more experience than I do. You have arrived late to the party.
Knowing how to do something and finding the best path to extract info from a noob and explaining to him exactly what to do are totally different things. But whatever, I do not have the time or the will to argue about irrelevant stuff with a heap of work on my schedule.
Ljubomir
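The practical difference the two of them are circling is that iptables-save output is already in rule syntax, so it can be handed back to the tool, while `iptables -nv -L` output is a display format that cannot. As an added example (not part of the thread, and not anyone's posted code), the script below reads iptables-save format and prints one standalone `iptables -t <table> ...` command per rule, which is the form a newcomer can paste and adapt. The ruleset it runs on is a constructed sample in the shape iptables-save prints, not a dump from a real host; the handling of the optional `[pkts:bytes]` prefix that `iptables-save -c` adds is an assumption about that output, not something the thread states.

```shell
#!/bin/sh
# Added example: turn iptables-save output into plain iptables commands.
# Not from the original thread; the sample ruleset below is constructed.

# Read iptables-save format on stdin and print one iptables command per rule.
# Assumes the usual output shape: a "*table" header, ":CHAIN policy [c:c]"
# lines, "-A/-I ..." rule lines, "COMMIT", and (with iptables-save -c) an
# optional "[pkts:bytes] " counter prefix before a rule.
save_to_commands() {
    awk '
        /^\*/                 { table = substr($0, 2); next }      # "*filter" -> filter
        /^:/                  { next }                              # chain policy lines
        /^#/ || /^COMMIT/     { next }                              # comments and COMMIT
        /^\[[0-9]+:[0-9]+\] / { sub(/^\[[0-9]+:[0-9]+\] /, "") }   # strip -c counters
        /^-/                  { print "iptables -t " table " " $0 } # rule line
    '
}

# Constructed sample in iptables-save format (not a real dump).
SAMPLE_SAVE='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[12:960] -A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Emit the four commands for the sample; each carries its table explicitly,
# which is exactly what a rule copied out of "iptables -nv -L" lacks.
demo() {
    printf '%s\n' "$SAMPLE_SAVE" | save_to_commands
}

demo
```

Chain policies (the `:INPUT DROP` lines) are deliberately not converted, since they are set with `iptables -P`, not `-A`. For a live system the same rule syntax is available directly with `iptables -S` (`--list-rules`), and `iptables-restore < saved-file` reloads a whole iptables-save dump without going through individual commands at all.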