Linux Netfilter discussions
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: not [!] rule is not working
Date: Fri, 17 Aug 2007 08:54:53 -0500
Message-ID: <46C5A8AD.7030003@riverviewtech.net>
In-Reply-To: <d41814cf0708170109xb6f83d2w45ef54adeab1ab75@mail.gmail.com>

On 08/17/07 03:09, pankaj jain wrote:
> do these rules apply for logical interfaces also?

Logical as in aliased interfaces or logical as in VLAN interfaces?  I
don't _think_ they apply to aliased interfaces other than the fact that
the IP(s) will be different.  VLANs will need their own rules though as
they are a pseudo physical interface.

> because in my actual case I would be having 127.x.x.x IPs on my
> physical interfaces and actual IPs on logical interfaces. For
> example:
> 
> eth0 - 127.2.3.4
> eth0:0 - 10.19.0.102

Um, be careful using 127.x.y.z/8 on anything other than the loopback
as I think there are hard-coded filters in the kernel to protect the
loopback.  I don't know if it is to protect the IP range or the subnet
that is assigned to the loopback interface.  Just be aware....

> Is there any command which can turn on these flags permanently such
> that I don't have to do it on every reboot of the machine?

Um, there are some config files on some distros that have this option
per se.  Rather, that is to say that they read the file and set the
parameters on boot on your behalf.  As far as how to set them and not
have them be set on boot, I'm sure you could modify the kernel source.



Grant. . . .

