Re: lug-bg: ipchains -L -Z
- Subject: Re: lug-bg: ipchains -L -Z
- From: yanev@xxxxxxxxxxx (Yanev)
- Date: Tue, 29 Jan 2002 05:12:39 +0200
On ?????????? 28 ???????????? 2002 21:25, you wrote:
> On Monday 28 January 2002 09:04 pm, you wrote:
> > On ?????? 26 ???????????? 2002 20:43, you wrote:
> > > On Saturday 26 January 2002 01:35 am, you wrote:
> > > > imam sledniq problem .... kogato polzwam ipchains -L -Z ne mi se
> > > > nulirat cauntarite ..... a w man page pishe :
> > > > -Z, --zero
> > > > Zero the packet and byte counters in all chains.
> > > > It is legal to specify the -L,--list (list) option as well, to see
> > > > the counters immediately before they are cleared; if this is
> > > > done, then no specific chain can be specified (they will all be
> > > > displayed and cleared).
> > > >
> > > >
> > > > no AZ ne poluchawam tozi efekt ne polucawam suobstenie za greshka
> > > > printwa se wsichko... na cauntarite ne se chistqt
> > > >
> > > > togawa poglednah HOWTO-to i widqh slednoto ....
> > > > ---------------------------------------------------------------------
> > > >-- -- -- ------------
> > > >
> > > > 4.1.5.10. Resetting (Zeroing) Counters
> > > >
> > > > It is useful to be able to reset the counters. This can be done
> > > > with the `-Z' (zero counters) option. For example:
> > > >
> > > >
> > > >
> > > > # ipchains -v -L input
> > > > Chain input (refcnt = 1): (policy ACCEPT)
> > > > pkts bytes target prot opt tosa tosx ifname mark
> > > > source destination
> > > > ports
> > > > 10 840 ACCEPT icmp ----- 0xFF 0x00 lo
> > > > anywhere anywhere
> > > > any
> > > > # ipchains -Z input
> > > > # ipchains -v -L input
> > > > Chain input (refcnt = 1): (policy ACCEPT)
> > > > pkts bytes target prot opt tosa tosx ifname mark
> > > > source destination
> > > > ports
> > > > 0 0 ACCEPT icmp ----- 0xFF 0x00 lo
> > > > anywhere anywhere
> > > > any
> > > > #
> > > >
> > > > The problem with this approach is that sometimes you need to know
> > > > the counter values immediately before they are reset. In the above
> > > > example, some packets could pass through between the `-L' and `-Z'
> > > > commands. For this reason, you can use the `-L' and `-Z' together,
> > > > to reset the counters while reading them. Unfortunately, if you do
> > > > this, you can't operate on a single chain: you have to list and zero
> > > > all the chains at once.
> > > >
> > > > # ipchains -L -v -Z
> > > > Chain input (policy ACCEPT):
> > > > pkts bytes target prot opt tosa tosx ifname mark
> > > > source destination
> > > > ports
> > > > 10 840 ACCEPT icmp ----- 0xFF 0x00 lo
> > > > anywhere anywhere
> > > > any
> > > >
> > > > Chain forward (refcnt = 1): (policy ACCEPT)
> > > > Chain output (refcnt = 1): (policy ACCEPT)
> > > > Chain test (refcnt = 0):
> > > > 0 0 DENY icmp ----- 0xFF 0x00 ppp0
> > > > localnet/24 anywhere
> > > > any
> > > >
> > > >
> > > >
> > > > # ipchains -L -v
> > > > Chain input (policy ACCEPT):
> > > > pkts bytes target prot opt tosa tosx ifname mark
> > > > source destination
> > > > ports
> > > > 10 840 ACCEPT icmp ----- 0xFF 0x00 lo
> > > > anywhere anywhere
> > > > any
> > > >
> > > > Chain forward (refcnt = 1): (policy ACCEPT)
> > > > Chain output (refcnt = 1): (policy ACCEPT)
> > > > Chain test (refcnt = 0):
> > > > 0 0 DENY icmp ----- 0xFF 0x00 ppp0
> > > > localnet/24 anywhere
> > > > any
> > > > #
> > > > ---------------------------------------------------------------------
> > > >-- -- -- ------------------- i kakto zabelqzwate ... w primera daden
> > > > kak kato se izpolzwat -L -Z zadno prosto ne se poluchawa towa koeto
> > > > trqbwa ..... pkgs pordylzawa da si e 10 a bytes da e 840
> > > >
> > > > ta pitam ima li nachin da se naprawi towa koeto iskam ... ili primera
> > > > koito sa dali e dostatachno pokazatelen che NQMA ...
> > >
> > > Ami ne si dal info za tova kak vikash ipchains.
> > > V man-a iasno e kazano 4e -L -Z ne moje da se prilaga za otdelni
> > > chains. Ako triesh vsi4ko. Pro4ei file-a BUGS ili neshto takova ot
> > > iptables. Mislia 4e tam se spomenavashe niakakyv podoben problem, koito
> > > e fix-nat. Upgrade 2 >=linux-2.4.16
> >
> > izwikwam go kakto trqbwa bez spechifikachiq za chain
> > #ipchains -L -Z
> > .....
> > #
> > ste pogledna ....za bug prosto nqmam documentachiqta na paketa .... sega
> > ste q izdirq
> >
> > > > stawa wupros za :
> > > > ipchains 1.3.10
> > > > kernel 2.4.4
> > > > debian [woody]
> > > > i HOWTO-to ot linuxdoc
> > > >
> > > >
> > > >
> > > > YaneV
>
> Problema se otnasiashe samo do izpolzvaneto na ipchains s kernel-2.4.
> Az bih ti prepory4al iptables shtom taka i taka si s 2.4.
> Osven ako ne ti e neobhodim niakoi ot modulite koito niamat ekvivalent vse
> oshte pri iptables
mda nepriqtno tochno takuw e sluchaq ... zadulzitelno mi trqbwa da sum 2.4
... znachi e kraino wreme da spra da se inatq i ipchains i da mina na
iptables .... :)
ili w nai loshoq wariqnt ste se molq da ne minawat mnogo paketi dokato se
izpulnqt komandite poslenowatelno
YaneV
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|