* What mean rules with no target?
@ 2015-09-29 8:22 f0rhum
2015-09-29 10:00 ` Bastian Bittorf
0 siblings, 1 reply; 4+ messages in thread
From: f0rhum @ 2015-09-29 8:22 UTC (permalink / raw)
To: netfilter
Hi
I have rules in my firewall with no targets. What is this?
iptables -V
iptables v1.3.3
The first 3 lines:
iptables -nvL INPUT
Chain INPUT (policy ACCEPT 9 packets, 2650 bytes)
pkts bytes target prot opt in out source destination
0 0 udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:14305
0 0 udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:4305
926 120K udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:698
1386 154K portfw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
1 99 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state INVALID
......
The part of the script that creates lines similar to the 3rd one, near the end:
# Ignore OLSR packets directly from these stations, e.g.
# if this connection is too slow, ignore sporadic packet
IFS=\;    # split the nvram value on ';' only
for i in $(nvram get ff_ign); do
iptables -A INPUT -s "$i" -p udp --dport 698 -j DROP
done
unset IFS    # restore default word splitting
When ff_ign contains a semicolon-separated list of IPs, the same number of rules will be added near the end of INPUT:
DROP sourceIP udp dpt:698
Thank you for suggestions
Fabrice
^ permalink raw reply [flat|nested] 4+ messages in thread
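A rule whose target column is blank, as in the first three lines of the listing above, is not broken: it has no `-j`, so it only counts and the packet continues down the chain. The following parser is an added example (not from the thread or any iptables tool) that reads `iptables -nvL` output, expands the `K`/`M`/`G` abbreviations of the byte counter, and separates target-less counter rules from rules that jump or terminate. The sample listing is the INPUT chain quoted above, reconstructed as constructed input; the parser assumes no user-defined chain shares a name with a protocol keyword, since the blank column is detected by seeing a protocol where the target would be.

```python
"""Classify rules in `iptables -nvL` output: counters (no target) vs. jumps."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the INPUT listing quoted in the thread (iptables v1.3.3 layout).
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 9 packets, 2650 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:14305
    0     0            udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:4305
  926  120K            udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:698
 1386  154K portfw_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    1    99 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state INVALID
"""

# Tokens that can appear in the "prot" column. If the token right after the
# byte counter is one of these (or a numeric protocol), the target column is
# empty and the rule is a pure counter. Assumption: no user chain is named
# like a protocol, otherwise this heuristic would misclassify it.
PROTOCOL_NAMES = {"all", "tcp", "udp", "udplite", "icmp", "icmpv6", "esp", "ah", "sctp"}
# iptables -v prints large counters with a decimal multiplier suffix.
SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def parse_count(token: str) -> int:
    """Expand an abbreviated counter such as '120K' to an integer."""
    if token[-1] in SUFFIX:
        return int(token[:-1]) * SUFFIX[token[-1]]
    return int(token)


@dataclass
class Rule:
    chain: str
    pkts: int
    bytes: int
    target: Optional[str]  # None means the rule has no -j: it only counts
    prot: str
    in_if: str
    out_if: str
    source: str
    dest: str
    extra: str             # match options printed after the destination


def parse_listing(text: str) -> List[Rule]:
    """Parse every rule line of an `iptables -nvL` listing into Rule records."""
    rules: List[Rule] = []
    chain = ""
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        fields = line.split()
        if not fields or fields[0] == "pkts":
            continue  # blank line or column header
        pkts, byts = parse_count(fields[0]), parse_count(fields[1])
        rest = fields[2:]
        if rest[0] in PROTOCOL_NAMES or rest[0].isdigit():
            target = None          # blank target column: counter-only rule
        else:
            target = rest.pop(0)   # chain name or terminating target
        prot, _opt, in_if, out_if, src, dst = rest[:6]
        extra = " ".join(rest[6:])
        rules.append(Rule(chain, pkts, byts, target, prot, in_if, out_if, src, dst, extra))
    return rules


def counter_rules(rules: List[Rule]) -> List[Rule]:
    """Return only the rules that have no target, i.e. pure counters."""
    return [r for r in rules if r.target is None]


def report(text: str) -> List[str]:
    """Human-readable one-liners, useful when auditing an unfamiliar ruleset."""
    lines = []
    for r in parse_listing(text):
        kind = "COUNTER (packet continues)" if r.target is None else f"-> {r.target}"
        lines.append(f"{r.chain}: {r.pkts} pkts/{r.bytes} bytes {r.prot} {r.extra} {kind}".rstrip())
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LISTING):
        print(line)
```

Running the script lists three counter rules and two real targets; the 926-packet counter on `udp dpt:698` is the OLSR traffic the script in the message later filters per source.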
* Re: What mean rules with no target?
2015-09-29 8:22 What mean rules with no target? f0rhum
@ 2015-09-29 10:00 ` Bastian Bittorf
2015-09-30 21:25 ` f0rhum
0 siblings, 1 reply; 4+ messages in thread
From: Bastian Bittorf @ 2015-09-29 10:00 UTC (permalink / raw)
To: f0rhum; +Cc: netfilter
* f0rhum <f0rhum@free.fr> [29.09.2015 11:58]:
> I have rules in my firewall with no targets. What is this?
A counter.
bye, bastian
* Re: What mean rules with no target?
2015-09-29 10:00 ` Bastian Bittorf
@ 2015-09-30 21:25 ` f0rhum
2015-10-01 4:34 ` What mean rules with no target? / counters Bastian Bittorf
0 siblings, 1 reply; 4+ messages in thread
From: f0rhum @ 2015-09-30 21:25 UTC (permalink / raw)
To: netfilter; +Cc: Bastian Bittorf
Thank you Bastian
I read some relevant chapters of http://www.iptables.info but I could never find this.
I hope I'll find something to read about this now.
> A counter.
> bye, bastian
* Re: What mean rules with no target? / counters
2015-09-30 21:25 ` f0rhum
@ 2015-10-01 4:34 ` Bastian Bittorf
0 siblings, 0 replies; 4+ messages in thread
From: Bastian Bittorf @ 2015-10-01 4:34 UTC (permalink / raw)
To: f0rhum; +Cc: netfilter
* f0rhum@free.fr <f0rhum@free.fr> [01.10.2015 06:11]:
> I read some relevant chapters of http://www.iptables.info but I could never find this.
a quick check in the documentation also makes me think
this is missing or at least not explicitly mentioned.
I remember that I stumbled over this feature also by accident.
In short words: if you just want to count
bytes/packets and the packet should be processed further,
you omit the '-j TARGET' and so you just have a counter.
(most targets "eat" the packets, so they are not processed
in later rules)
# e.g.:
iptables -I INPUT -p udp --dport 53
lets you just count all incoming udp-DNS-packets.
bye, bastian
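To make the two statements above concrete (a rule without `-j` only counts and lets the packet continue; most targets consume the packet so later rules never see it), here is an added toy model of chain traversal. It is not netfilter code and not part of the thread; it reproduces the setup discussed: a counter on `udp dpt:698` early in INPUT, a per-source DROP for the same port appended later (the "ignored station" address 10.0.0.5 is constructed), and the `udp --dport 53` counter from this message. Every matching rule's packet and byte counters tick, but only ACCEPT/DROP/REJECT end the walk; a user chain is entered and falls back to the caller when it reaches its end. Non-terminating targets such as LOG are treated like counters here, which is a simplification.

```python
"""Toy model of a netfilter chain walk: counters tick, terminating targets stop."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Packet:
    proto: str
    dport: int
    src: str
    length: int


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: Optional[str] = None   # None: no -j, the rule is only a counter
    pkts: int = 0
    bytes: int = 0


@dataclass
class Chain:
    name: str
    policy: str = "ACCEPT"          # built-in chains only
    rules: List[Rule] = field(default_factory=list)
    policy_pkts: int = 0            # packets that fell through to the policy


# Targets that "eat" the packet: no later rule in any chain sees it.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


class Firewall:
    """Minimal model; assumption-laden, written for this thread only."""

    def __init__(self) -> None:
        self.chains: Dict[str, Chain] = {}

    def add_chain(self, name: str, policy: str = "ACCEPT") -> Chain:
        self.chains[name] = Chain(name, policy)
        return self.chains[name]

    def append(self, chain: str, rule: Rule) -> Rule:   # like `iptables -A`
        self.chains[chain].rules.append(rule)
        return rule

    def walk(self, chain_name: str, pkt: Packet) -> Optional[str]:
        """Return a terminating verdict, or None if the chain ran out of rules."""
        for rule in self.chains[chain_name].rules:
            if not rule.match(pkt):
                continue
            rule.pkts += 1                  # counters tick on every match...
            rule.bytes += pkt.length
            if rule.target is None:
                continue                    # ...but with no -j the walk goes on
            if rule.target in TERMINATING:
                return rule.target          # packet is consumed here
            if rule.target == "RETURN":
                return None
            if rule.target in self.chains:  # jump into a user-defined chain
                verdict = self.walk(rule.target, pkt)
                if verdict is not None:
                    return verdict
            # anything else (e.g. LOG) is non-terminating: keep walking
        return None

    def verdict(self, pkt: Packet, chain: str = "INPUT") -> str:
        v = self.walk(chain, pkt)
        if v is None:                       # no rule decided: chain policy applies
            self.chains[chain].policy_pkts += 1
            return self.chains[chain].policy
        return v


def build_firewall() -> Tuple[Firewall, Dict[str, Rule]]:
    fw = Firewall()
    fw.add_chain("INPUT", "ACCEPT")
    ignored_station = "10.0.0.5"   # constructed stand-in for one entry of ff_ign
    rules = {
        # `iptables -A INPUT -p udp --dport 698`   (counter only, near the top)
        "count_698": fw.append("INPUT", Rule(lambda p: p.proto == "udp" and p.dport == 698)),
        # `iptables -A INPUT -p udp --dport 53`    (Bastian's DNS counter)
        "count_dns": fw.append("INPUT", Rule(lambda p: p.proto == "udp" and p.dport == 53)),
        # `iptables -A INPUT -s $i -p udp --dport 698 -j DROP`  (appended by the loop)
        "drop_ignored": fw.append("INPUT", Rule(
            lambda p: p.src == ignored_station and p.proto == "udp" and p.dport == 698, "DROP")),
    }
    return fw, rules


def run_scenario() -> Dict[str, object]:
    """Three constructed packets; returns verdicts and the resulting counters."""
    fw, r = build_firewall()
    packets = [
        Packet("udp", 698, "10.0.0.9", 100),   # OLSR from a normal neighbour
        Packet("udp", 698, "10.0.0.5", 120),   # OLSR from the ignored station
        Packet("udp", 53, "10.0.0.9", 60),     # a DNS query
    ]
    verdicts = [fw.verdict(p) for p in packets]
    return {
        "verdicts": verdicts,
        "count_698": (r["count_698"].pkts, r["count_698"].bytes),
        "count_dns": (r["count_dns"].pkts, r["count_dns"].bytes),
        "drop_ignored": (r["drop_ignored"].pkts, r["drop_ignored"].bytes),
        "policy_pkts": fw.chains["INPUT"].policy_pkts,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point to notice is that the 698 counter sees both OLSR packets, including the one that is dropped two rules later, because a target-less rule never ends the walk; the DROP rule's own counter only counts the packet it consumed.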