From mboxrd@z Thu Jan 1 00:00:00 1970
From: Victor Julien
Subject: Re: Creating rules without the /sbin/iptables command?
Date: Fri, 19 Mar 2004 20:01:48 +0100
Sender: netfilter-devel-admin@lists.netfilter.org
Message-ID: <405B439C.7090009@nk.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
To: Netfilter Developers List
Errors-To: netfilter-devel-admin@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Henrik Nordstrom wrote:

> On Thu, 18 Mar 2004, Victor Julien wrote:
>
>>using 'iptables-restore' (without noflush) is there a way to preserve
>>the accounting data from the first rule?
>
> Then you must use incremental commands, keeping the accounting rule
> untouched.

Hmmm, that I don't want.

>
>>Is this what the -c option of iptables-restore is for?
>
> No. This instructs iptables-restore to restore any packet/byte counters
> found in the input data. Without this option any such counters are ignored
> and the installed rules have zeroed counters.

So I have to read the current counters first by parsing
'iptables-save'-output. And I can then recreate the rules and set the
counters to their old values?

Using 'iptables-restore' can I flush one chain, but leave another
untouched? If so, I can create an accounting chain which will not be
flushed...

Regards,
Victor

>
> Regards
> Henrik
>
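The counter carry-over discussed in this message, as an added example that is not part of the original thread: it parses `iptables-save -c` style output (the `[packets:bytes]` prefix on rules and chain lines) and writes those counters into a new ruleset suitable as input for `iptables-restore -c`. Both rulesets and the function names `read_counters` and `apply_counters` are constructed for illustration.

```python
import re
# Constructed sample of `iptables-save -c` output (current ruleset with counters).
SAVED = """\
*filter
:INPUT ACCEPT [120:9600]
[5321:412345] -A INPUT -i eth0 -j ACCEPT
[17:1020] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Constructed replacement ruleset, written without counters.
NEW_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A .+)$")          # [pkts:bytes] -A CHAIN ...
CHAIN = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")  # :CHAIN POLICY [pkts:bytes]

def read_counters(saved):
    """Map (table, rule text) and (table, ':CHAIN') to (packets, bytes).
    Assumption: identical rule text repeated in one table shares a single entry."""
    counters, table = {}, None
    for line in saved.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif m := RULE.match(line):
            counters[(table, m.group(3))] = (int(m.group(1)), int(m.group(2)))
        elif m := CHAIN.match(line):
            counters[(table, ":" + m.group(1))] = (int(m.group(3)), int(m.group(4)))
    return counters

def apply_counters(new_rules, counters):
    """Prefix rules that already existed with their old counters; new rules get [0:0]."""
    out, table = [], None
    for line in new_rules.splitlines():
        s = line.strip()
        if s.startswith("*"):
            table = s[1:]
        elif s.startswith("-A "):
            pk, by = counters.get((table, s), (0, 0))
            s = f"[{pk}:{by}] {s}"
        elif m := CHAIN.match(s):
            pk, by = counters.get((table, ":" + m.group(1)), (0, 0))
            s = f":{m.group(1)} {m.group(2)} [{pk}:{by}]"
        out.append(s)
    return "\n".join(out) + "\n"
```

Packets counted between the save and the restore are not carried over, so the two steps should run back to back.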