* IP Addresses Changed to Hostnames in IPTables
From: slow_speed @ 2021-06-28 19:57 UTC
To: netfilter

I created a ruleset in iptables and it was saved in
/etc/iptables.up.rules as expected. However, when viewing the file, all
IP addresses had been translated to hostnames.

Why would it ever do such a thing, when I had entered them as IP
addresses and they would have to be converted to IP addresses anyway?

* Re: IP Addresses Changed to Hostnames in IPTables
From: Kerin Millar @ 2021-06-28 20:36 UTC
To: slow_speed; +Cc: netfilter

On Mon, 28 Jun 2021 15:57:30 -0400
slow_speed@att.net wrote:

> I created a ruleset in iptables and it was saved in
> /etc/iptables.up.rules as expected. However, when viewing the file, all
> IP addresses had been translated to hostnames.
>
> Why would it ever do such a thing, when I had entered them as IP
> addresses and they would have to be converted to IP addresses anyway?

Here's how it works. One may supply hostnames to iptables/iptables-restore but they will be resolved at the point that the rule/ruleset is loaded into the kernel. If using `iptables -L` to list the currently loaded ruleset, reverse DNS lookups will be performed upon IP addresses before displaying. This behaviour can be suppressed by also using the -n option. As for `iptables -S` and `iptables-save`, neither of these will perform reverse DNS lookups.

In summary, it's not at all clear how you ended up with hostnames in your iptables.up.rules file. Can you reduce this phenomenon to a simple, well-defined test case?

--
Kerin Millar

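A way to settle the question raised in the message above, whether a saved rules file really contains hostnames (which would be resolved only when the ruleset is loaded), as an added example that is not part of the original thread. The helper name `find_hostname_rules` and the sample ruleset are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list rule lines whose -s/-d argument
# is a hostname, i.e. a value that is resolved only when the ruleset is loaded.

# Constructed sample in iptables-save format; names and addresses are made up.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s admin.example.net -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -d 203.0.113.0/255.255.255.0 -j DROP
-A INPUT -s 198.51.100.7,mail.example.org -j ACCEPT
COMMIT
EOF
}

# find_hostname_rules [FILE...]  (hypothetical helper; reads stdin if no FILE)
# Prints "<line>: <flag> <value>" for every non-numeric address and returns 1
# if any were found. Limitation: text inside --comment strings is not skipped.
find_hostname_rules() {
  awk '
    # True for dotted-quad IPv4 (optional /prefix or /netmask) or IPv6 text.
    function numeric(a) {
      return a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9.]+)?$/ ||
             a ~ /^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*(\/[0-9]+)?$/
    }
    /^-[AI] / {
      for (i = 1; i < NF; i++) {
        if ($i == "-s" || $i == "--source" || $i == "--src" ||
            $i == "-d" || $i == "--destination" || $i == "--dst") {
          # iptables accepts comma-separated address lists for -s/-d.
          n = split($(i + 1), parts, ",")
          for (j = 1; j <= n; j++)
            if (!numeric(parts[j])) { print NR ": " $i " " parts[j]; found = 1 }
        }
      }
    }
    END { exit (found ? 1 : 0) }
  ' "$@"
}

sample_rules | find_hostname_rules || echo "hostnames present: resolved at load time"
```

Run against the real file as `find_hostname_rules /etc/iptables.up.rules`; no output and exit status 0 means every source and destination is numeric.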
[parent not found: <cb8649b5-a2aa-8101-7701-9fc13e2f5db0@att.net>]
* Re: IP Addresses Changed to Hostnames in IPTables
From: Kerin Millar @ 2021-06-28 20:58 UTC
To: slow_speed; +Cc: netfilter

On Mon, 28 Jun 2021 16:47:46 -0400
slow_speed@att.net wrote:

> On 6/28/21 4:36 PM, Kerin Millar wrote:
> > On Mon, 28 Jun 2021 15:57:30 -0400
> > slow_speed@att.net wrote:
> >
> >> I created a ruleset in iptables and it was saved in
> >> /etc/iptables.up.rules as expected. However, when viewing the file, all
> >> IP addresses had been translated to hostnames.
> >>
> >> Why would it ever do such a thing, when I had entered them as IP
> >> addresses and they would have to be converted to IP addresses anyway?
> >
> > Here's how it works. One may supply hostnames to iptables/iptables-restore but they will be resolved at the point that the rule/ruleset is loaded into the kernel. If using `iptables -L` to list the currently loaded ruleset, reverse DNS lookups will be performed upon IP addresses before displaying. This behaviour can be suppressed by also using the -n option. As for `iptables -S` and `iptables-save`, neither of these will perform reverse DNS lookups.
> >
> > In summary, it's not at all clear how you ended up with hostnames in your iptables.up.rules file. Can you reduce this phenomenon to a simple, well-defined test case?
> >
>
> Okay, I was incorrect. The viewing of the file showed just numbers. It
> was the iptables -L that caused the misinformation. It should
> definitely default to -n. That is a big issue to the new person in this
> area. Bad programming strikes again.
>
> Thank you so much for pointing that out. I will add that to my
> instructions.

The -L format is deficient in several respects. About the only thing it's good for is displaying counters (with -v), yet iptables-save already does this. My suggestion would be to avoid -L outright. If you want to list rules with iptables instead of iptables-save, the -S option is much more useful.

Also, please use Reply All next time. I am adding the list back to the CC field.

--
Kerin Millar

* Re: IP Addresses Changed to Hostnames in IPTables
From: Reindl Harald @ 2021-06-28 21:06 UTC
To: Kerin Millar, slow_speed; +Cc: netfilter

On 28.06.21 at 22:58, Kerin Millar wrote:
> On Mon, 28 Jun 2021 16:47:46 -0400
> slow_speed@att.net wrote:
>
>> On 6/28/21 4:36 PM, Kerin Millar wrote:
>>> On Mon, 28 Jun 2021 15:57:30 -0400
>>> slow_speed@att.net wrote:
>>>
>>>> I created a ruleset in iptables and it was saved in
>>>> /etc/iptables.up.rules as expected. However, when viewing the file, all
>>>> IP addresses had been translated to hostnames.
>>>>
>>>> Why would it ever do such a thing, when I had entered them as IP
>>>> addresses and they would have to be converted to IP addresses anyway?
>>>
>>> Here's how it works. One may supply hostnames to iptables/iptables-restore but they will be resolved at the point that the rule/ruleset is loaded into the kernel. If using `iptables -L` to list the currently loaded ruleset, reverse DNS lookups will be performed upon IP addresses before displaying. This behaviour can be suppressed by also using the -n option. As for `iptables -S` and `iptables-save`, neither of these will perform reverse DNS lookups.
>>>
>>> In summary, it's not at all clear how you ended up with hostnames in your iptables.up.rules file. Can you reduce this phenomenon to a simple, well-defined test case?
>>>
>>
>> Okay, I was incorrect. The viewing of the file showed just numbers. It
>> was the iptables -L that caused the misinformation. It should
>> definitely default to -n. That is a big issue to the new person in this
>> area. Bad programming strikes again.
>>
>> Thank you so much for pointing that out. I will add that to my
>> instructions.
>
> The -L format is deficient in several respects. About the only thing it's good for is displaying counters (with -v), yet iptables-save already does this. My suggestion would be to avoid -L outright. If you want to list rules with iptables instead of iptables-save, the -S option is much more useful.
>
> Also, please use Reply All next time. I am adding the list back to the CC field

the real problem is talking about "However, when viewing the file" when
doing "iptables -L" in fact

"iptables --list --numeric --line-numbers --verbose" is no rocket
science, documented and that you need "-n" is not that uncommon

see "netstat-nat" or "route" as example

* Re: IP Addresses Changed to Hostnames in IPTables
From: slow_speed @ 2021-06-28 21:06 UTC
To: Kerin Millar; +Cc: netfilter

On 6/28/21 4:58 PM, Kerin Millar wrote:
> On Mon, 28 Jun 2021 16:47:46 -0400
> slow_speed@att.net wrote:
>
>> On 6/28/21 4:36 PM, Kerin Millar wrote:
>>> On Mon, 28 Jun 2021 15:57:30 -0400
>>> slow_speed@att.net wrote:
>>>
>>>> I created a ruleset in iptables and it was saved in
>>>> /etc/iptables.up.rules as expected. However, when viewing the file, all
>>>> IP addresses had been translated to hostnames.
>>>>
>>>> Why would it ever do such a thing, when I had entered them as IP
>>>> addresses and they would have to be converted to IP addresses anyway?
>>>
>>> Here's how it works. One may supply hostnames to iptables/iptables-restore but they will be resolved at the point that the rule/ruleset is loaded into the kernel. If using `iptables -L` to list the currently loaded ruleset, reverse DNS lookups will be performed upon IP addresses before displaying. This behaviour can be suppressed by also using the -n option. As for `iptables -S` and `iptables-save`, neither of these will perform reverse DNS lookups.
>>>
>>> In summary, it's not at all clear how you ended up with hostnames in your iptables.up.rules file. Can you reduce this phenomenon to a simple, well-defined test case?
>>>
>>
>> Okay, I was incorrect. The viewing of the file showed just numbers. It
>> was the iptables -L that caused the misinformation. It should
>> definitely default to -n. That is a big issue to the new person in this
>> area. Bad programming strikes again.
>>
>> Thank you so much for pointing that out. I will add that to my
>> instructions.
>
> The -L format is deficient in several respects. About the only thing it's good for is displaying counters (with -v), yet iptables-save already does this. My suggestion would be to avoid -L outright. If you want to list rules with iptables instead of iptables-save, the -S option is much more useful.
>
> Also, please use Reply All next time. I am adding the list back to the CC field.
>

Thanks for the Reply All tip. (This is one of the reasons I hate mail
lists. They make us jump thru unnecessary hoops, when forums are free
and so useful; especially for searching.)

By the way, -S is good, but -nL has a very nice layout that is far superior.

Thanks again.

* Re: IP Addresses Changed to Hostnames in IPTables
From: Reindl Harald @ 2021-06-28 20:56 UTC
To: slow_speed, netfilter

On 28.06.21 at 21:57, slow_speed@att.net wrote:
> I created a ruleset in iptables and it was saved in
> /etc/iptables.up.rules as expected. However, when viewing the file, all
> IP addresses had been translated to hostnames.
>
> Why would it ever do such a thing, when I had entered them as IP
> addresses and they would have to be converted to IP addresses anyway?

show the file

that is normally only the case for "iptables -L" but not at save time