* [iptables] misleading print
@ 2011-12-05 15:26 U.Mutlu
2011-12-05 15:44 ` Jan Engelhardt
2011-12-05 15:44 ` Michal Kubeček
0 siblings, 2 replies; 4+ messages in thread
From: U.Mutlu @ 2011-12-05 15:26 UTC (permalink / raw)
To: netfilter
I have in my script these statements:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
When doing "iptables -L -n" then the above gets shown as this:
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
IMHO, this could easily be misinterpreted if one looks
only at the iptables output, because the crucial info,
ie. that it applies to the "lo" device only, is missing...
Right?
* Re: [iptables] misleading print
From: Jan Engelhardt @ 2011-12-05 15:44 UTC (permalink / raw)
To: U.Mutlu; +Cc: netfilter
On Monday 2011-12-05 16:26, U.Mutlu wrote:
> I have in my script these statements:
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> When doing "iptables -L -n" then the above gets shown as this:
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>
> IMHO, this could easily be misinterpreted if one looks
> only at the iptables output, because the crucial info,
> ie. that it applies to the "lo" device only, is missing...
>
> Right?
That's why one should use iptables -S or iptables-save.
* Re: [iptables] misleading print
From: Michal Kubeček @ 2011-12-05 15:44 UTC (permalink / raw)
To: netfilter; +Cc: U.Mutlu
On Monday 05 of December 2011 16:26EN, U.Mutlu wrote:
> I have in my script these statements:
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> When doing "iptables -L -n" then the above gets shown as this:
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>
> IMHO, this could easily be misinterpreted if one looks
> only at the iptables output, because the crucial info,
> ie. that it applies to the "lo" device only, is missing...
Output of "iptables -L" doesn't show -i and -o matches by default. If
you want to see them, use "-v" option.
Michal Kubeček
* Re: [iptables] misleading print
From: Jan Engelhardt @ 2012-08-09 22:00 UTC (permalink / raw)
To: Michal Kubeček; +Cc: netfilter, U.Mutlu
On Monday 2011-12-05 16:44, Michal Kubeček wrote:
>On Monday 05 of December 2011 16:26EN, U.Mutlu wrote:
>> I have in my script these statements:
>> iptables -A INPUT -i lo -j ACCEPT
>> iptables -A OUTPUT -o lo -j ACCEPT
>>
>> When doing "iptables -L -n" then the above gets shown as this:
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>
>> IMHO, this could easily be misinterpreted if one looks
>> only at the iptables output, because the crucial info,
>> ie. that it applies to the "lo" device only, is missing...
>
>Output of "iptables -L" doesn't show -i and -o matches by default. If
>you want to see them, use "-v" option.
Let's start a vote (of sorts) for getting rid of -L. Yes, it'll break
people's oh-so-sacred scripts. But heck, you can't reasonably parse it
anyway.
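Added example, not part of the thread and not code from any poster or from the iptables project: a shell helper that reads rules in "iptables -S" / "iptables-save" syntax and separates ACCEPT rules with no match at all from ACCEPT rules restricted only by -i/-o, the two cases that print identically under "iptables -L -n". The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ACCEPT rules using the unambiguous rule-spec syntax
# printed by `iptables -S` / `iptables-save`, not the `-L` table.

# classify_accepts: stdin = rule lines; stdout = one line per ACCEPT rule:
#   unconditional <chain>          no match criteria at all
#   iface-only <chain> <matches>   restricted only by -i/-o (hidden by -L -n)
# ACCEPT rules carrying any other match are outside this example and skipped.
classify_accepts() {
    awk '
    {
        line = $0
        sub(/^\[[0-9]+:[0-9]+\] /, "", line)  # drop `iptables-save -c` counters
        n = split(line, t, " ")
        if (t[1] != "-A") next                # skip -P, *table, :chain, COMMIT
        target = ""; ifaces = ""; neg = ""; other = 0
        for (i = 3; i <= n; i++) {
            if (t[i] == "-j") { target = t[++i] }
            else if (t[i] == "!") { neg = "! " }
            else if (t[i] == "-i" || t[i] == "-o") {
                ifaces = ifaces neg t[i] " " t[i + 1] " "
                i++; neg = ""
            }
            else other = 1
        }
        if (target != "ACCEPT" || other) next
        if (ifaces == "") { print "unconditional " t[2]; next }
        sub(/ $/, "", ifaces)
        print "iface-only " t[2] " " ifaces
    }'
}

# Constructed sample in `iptables -S` format (not taken from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
EOF
}

# On a live system (as root): iptables -S | classify_accepts
sample_rules | classify_accepts
```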