[collectd] IPTables Module
Florian Forster
octo<span style="display: none;">.trailing-username</span>(a)<span style="display: none;">leading-domain.</span>verplant.org
Wed Mar 14 09:53:38 CET 2007
Hi Sjoerd,
I didn't search carefully enough: With Linux 2.6.18 the comment module
is named `xt_comment.ko'. With my previous version, 2.6.8, it should
have been `ipt_mark.ko'. So when searching for `ipt_mark.ko' in the
newer kernel-package I didn't find anything and thus assumed it wasn't
there.
On Mon, Mar 12, 2007 at 07:54:06PM +0100, Sjoerd van der Berg wrote:
> Damn that sucks, thought the comment module might make it into more
> distros by now, but seems not. So what's left then,
I'm still in favor to provide a backup-solution. I'd let the user select
the rules by table/chain names (select all comment-rules), by giving the
comment-name (select only that rule) or by rule numbers (possibly
accompanied by a name):
Chain <table> <chain> [<comment|num> [name]]
For instance:
Chain nat POSTROUTING
Chain filter INCOMING foobar
Chain filter FORWARD 1 established
Where:
- The first rule collects all rules with a comment from the POSTROUTING
chain.
- The second rule collects the rule with the `foobar' comment.
- The third rule collects the first rule from the FORWARD chain and
calls it `established'.
This way users that have the comment-match may use it and have a nice,
clean definition. All they really need to configure is the table and the
chain, everything else is done as in your patch. Users without that
match can still use the plugin, though not as comfortable.
Does that sound reasonable?
Regards,
-octo
--
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20070314/cf26e1db/attachment.pgp
More information about the collectd
mailing list