From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ming-Ching Tiew <mctiew@yahoo.com>
Date: Thu, 13 Feb 2003 23:25:57 +0000
Subject: Re: [LARTC] Monitoring....
Message-Id: <marc-lartc-104517882425105@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-104515865524996@msgid-missing>
In-Reply-To: <marc-lartc-104515865524996@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org


My suggestion is for you to do this, insert
the 'filtering' rules into the INPUT/OUTPUT/FORWARD
chains, eg

   iptables -I FORWARD -p tcp --dport 22 -j mychain
   iptables -I INPUT -p tcp --.... -j mychain
   iptables -I OUTPUT -p udp -- .... -j mychain
   .....
   and so on,

and for mychain,

   iptables -A mychain -j RETURN

You can safely put this. It will not disrupt anything.

If originally you already have some other accept/deny,
they continue to work.

--- Nelson Guedes Paulo Junior
<npaulo@linux.ime.usp.br> wrote:
> I have, at least for the moment, one question about
> iptables:
> 
> Does I need to create another chain to sse the bytes
> like:
> 
> iptables -N mychain
> iptables -I INPUT -j mychain
> iptables -I OUTPUT -j mychain
> iptables -I FORWARD -j mychain
> iptables -A mychain -p tcp --dport 22 -j ACCEPT
> 
> Does I need to do that???
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/