RE: Extended IPTables options

[Arnoud Tijssen <ATijssen@xxxxxx>]

Thanks, and I know that nearly all of the options are listed in the manpage, but I`m also looking for an article of some sort that explains what options best to use for what kind of situations. A bit more background info on specific optios. I would like to extend the scripts I`m using for specific situations.

Cheers,
Arnoud


 
-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Andrew Beverley
Sent: dinsdag 31 januari 2012 18:23
To: Arnoud Tijssen
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Extended IPTables options

On Mon, 2012-01-30 at 08:40 +0100, Arnoud Tijssen wrote:
> I`m looking for the more sophisticated options of iptables/netfilter
> like: connmark, quota, qos, recent, netmap, tos, ulog, clustering and
> failover etc etc.

Have you tried the iptables man page? Personally I think that's pretty
well written and a good place to start. If you've got any specific
questions then feel free to post to this list.

> Is it possible to create a modular setup with iptables that offers the
> possibility to reload a specific part of the iptables rulebase instead
> of the entire rulebase.

You can add and remove rules "on the fly". There's no need to reload the
whole ruleset. Use "iptables -L  --line-numbers" to see all your rules
with associated rule number, and then use the "-D" command with that
number to delete as required.

Andy


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html