Thanks all! I'm studying iptables at the moment, Hope I can help others in the feture :) At 2011-06-28,"Ljubomir Ljubojevic" <office at plnet.rs> wrote: >Christopher Chan wrote: >> Er, you are not making much sense here. John posts that -v is needed to >> not get the 'digested result' but the 'full result' and then you go off >> on a branch about iptables-save. Oh, I still don't see what difference >> there is between iptables -nv -L ${table} and iptables-save. >> iptables-save sounds more like the 'nice presentation of used rules' >> according to the man page. > >Then please tell some noob to just copy a rule from iptables -nv -L >${table}. And good luck with that. > >[snip] >> Strawman argument. Who needs to see the actual rules in >> /etc/sysconfig/iptables for 'creating the firewall' when you are just >> going to overwrite it with a working set by running 'service iptables >> save'? Or rather, both iptables -nv -L and iptables-save will provide >> you the actual rules but just presented differently. > >Exactly the point. One will show you *what* is being done, and other >*how* it's being done. Not the same. Like it's not the same to use >compiled program to explain where the error in source code is. > >>> >>> I started wrestling with iptables rules in 2005 when I started working >>> as networking admin and had to solve some very hard problems including >>> policy routing, marking packets in right order, etc. Since then gained a >>> lot of experience in helping others (on several forum sites) understand >>> what they have and what they need to add/remove/change. >> >> What's this? Get off your high horse. I have worked with ipchains, gone >> through the differences between netfilter and ipchains, messed with >> ipset due to the potential thousands of rules needed to be loaded but >> ultimately had to give up due to the instability of ipset, done iproute2 >> for multiple routing tables, done traffic shaping, done pf on OpenBSD, >> done ipfw on Solaris and John R Pierce probably has more experience than >> I do. You have arrived late to the party. > >Knowing to do something and finding the best path to extract info from >noob person and explaining him what exactly to do are totally different >things. But whatever, I do not have time and will to argue about >irrelevant stuff with heap of work on my schedule. > >Ljubomir > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110629/af3dcd69/attachment-0005.html>