statistic match support in iptables snapshots
Patrick McHardy
kaber at trash.net
Thu Aug 31 17:38:54 CEST 2006
Marco Berizzi wrote:
> Patrick McHardy wrote:
>
>> Marco Berizzi wrote:
>> > Sorry for breaking you again: is not possible
>> > having multiple counters with 'nth mode'?
>>
>> No, why is that useful? You can just use multiple matches.
>
>
> ok, it's clear.
>
> Just the last question. I have tried to insert a couple of
> rules with an out of range packet number and the kernel has
> eaten them:
>
> iptables -A FORWARD -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
> iptables -A FORWARD -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
> iptables -A FORWARD -m statistic --mode nth --every 2 --packet 2 -j ACCEPT
> iptables -A FORWARD -m statistic --mode nth --every 2 --packet 20 -j ACCEPT
Mhh thats more something for userspace to catch in my opinion,
I'll add a check there.
More information about the netfilter-devel
mailing list