Sunday, July 15, 2012

Re: Logging output UIDs.

[Reply CC'ed to the list]

Sthu Deus wrote:
> Good time of the day, Pascal.
>
> Thank You for Your time and important to me answer.
> You wrote:
>
>> Is the UID missing for all packets or only for this one ?
>> According to a quick test, it seems that the last ACK in a TCP
>> connection does not have a UID (probably because the socket is
>> closed). Packets generated by the kernel itself (TCP RST, ICMP
>> messages...) do not have a UID.
>
> I have tested and found that it is true - only filtered out packets
> have no UID - others had (when I logged all of them and just the
> filtered out ones).
>
> Am I correct supposing that those packets having no UIDs are kernel
> generated ones, and only?

I have no certainty, but I suppose so.

>>> Also, may You know the answer to my curiosity, Why I can not locate
>>> '-j LOG' in above iptables rule at the end of the rule? - For
>>> iptables complains about unknown '--log-uid'. - I understand that
>>> something is then missing before the suffix, but from iptables man.
>>> it is not evident to me what.
>> --log-* are options to the LOG target, so iptables does not expect
>> them before.
>
> Oh, I've got the point - I thought LOG target is same as others and
> therefore failed understanding it. Thanks for explanation, again.

The same as what others?
LOG is handled by iptables just as any other target or match. Its
options must appear after its name.


--
Archive: http://lists.debian.org/5002CAA1.4010407@plouf.fr.eu.org
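
Added example, not part of the original message: a small parser that separates LOG-target entries with a `UID=` field from those without, and groups the UID-less ones by protocol and TCP flags so they can be compared with the cases mentioned in the thread (final ACK, TCP RST, ICMP). The rule in the comment, the `out: ` prefix and the sample log lines are constructed assumptions; only `-j LOG` and `--log-uid` come from the thread.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG-target format, as a rule such as
# (assumed):  iptables -A OUTPUT -j LOG --log-prefix "out: " --log-uid   would emit.
SAMPLE_LOG = """\
Jul 15 10:00:01 host kernel: out: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Jul 15 10:00:01 host kernel: out: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 UID=1000 GID=1000
Jul 15 10:00:02 host kernel: out: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4244 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Jul 15 10:00:03 host kernel: out: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Jul 15 10:00:04 host kernel: out: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=64 TOS=0xC0 PREC=0x00 TTL=64 ID=7 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.7 DST=192.0.2.10 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=5000 DPT=9 LEN=16 ]
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse(line):
    """Return the key=value fields of one LOG line, plus its TCP flags."""
    # An ICMP error quotes the offending packet in [...]; drop it so its
    # PROTO/SPT/DPT do not overwrite the fields of the logged packet itself.
    outer = re.sub(r"\[SRC=[^\]]*\]", "", line)
    rec = dict(FIELD.findall(outer))
    rec["FLAGS"] = [f for f in TCP_FLAGS if re.search(rf"\s{f}\s", outer)]
    return rec

def split_by_uid(text, prefix="out: "):
    """Split logged packets into (with_uid, without_uid) lists of records."""
    with_uid, without_uid = [], []
    for line in text.splitlines():
        if prefix not in line:
            continue  # not produced by our LOG rule
        rec = parse(line)
        (with_uid if "UID" in rec else without_uid).append(rec)
    return with_uid, without_uid

def describe(rec):
    """Short label for a record: protocol plus TCP flags or ICMP type."""
    if rec.get("PROTO") == "TCP":
        return "TCP " + "/".join(rec["FLAGS"])
    if rec.get("PROTO") == "ICMP":
        return f"ICMP type {rec.get('TYPE')}"
    return rec.get("PROTO", "?")

def uidless_summary(text):
    """Count the UID-less packets by protocol and flags."""
    return Counter(describe(r) for r in split_by_uid(text)[1])

if __name__ == "__main__":
    print(uidless_summary(SAMPLE_LOG))
```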
