|
Hi Joe,
G'dai Ratz,
I'm the author. I got it to work without the "-t mangle" in the line
above
and didn't know that it was needed. Are you saying it has to be there or only
needs to be there if you're unlucky, like Jan was (in which case I'll add it).
To my knowledge it has to be there or the chain is linked in the wrong table and
cannot be jumped at. But I didn't crosscheck with the sources and I don't need
to because I explicitly always specify the '-t' table option, even for the
filter table.
<bitching ahead>
IMHO this is one of the most braindead features of the iptables command line
parser, which is to allow the user to drop the '-t filter' if you handle the
filter table. It's so extremely anti-structured-programming-like that it hurts
my head every time I have to write a shell script for iptables ;).
</bitching ahead>
hey, iproute2 is just the same :-)
Not exactly the same to be correct, you cannot just drop things. You may well
shorten commands but not drop them AFAICT. OTHO, a lot of people including Bert
Hubert and me are working on improving the iproute2 package towards
user-friendliness.
But yes, this is another reason I wrote the ifcfg/show-rules/show-routes
replacements in shell!
Cheers mate,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
|
