[collectd] IPTables Module

Florian Forster octo<span style="display: none;">.trailing-username</span>(a)<span style="display: none;">leading-domain.</span>verplant.org
Wed Mar 14 09:53:38 CET 2007


Hi Sjoerd,

I didn't search carefully enough: With Linux 2.6.18 the comment module
is named `xt_comment.ko'. With my previous version, 2.6.8, it should
have been `ipt_mark.ko'. So when searching for `ipt_mark.ko' in the
newer kernel-package I didn't find anything and thus assumed it wasn't
there.

On Mon, Mar 12, 2007 at 07:54:06PM +0100, Sjoerd van der Berg wrote:
> Damn that sucks, thought the comment module might make it into more
> distros by now, but seems not. So what's left then,

I'm still in favor to provide a backup-solution. I'd let the user select
the rules by table/chain names (select all comment-rules), by giving the
comment-name (select only that rule) or by rule numbers (possibly
accompanied by a name):

  Chain <table> <chain> [<comment|num> [name]]
For instance:
  Chain nat POSTROUTING
  Chain filter INCOMING foobar
  Chain filter FORWARD  1 established
Where:
- The first rule collects all rules with a comment from the POSTROUTING
  chain.
- The second rule collects the rule with the `foobar' comment.
- The third rule collects the first rule from the FORWARD chain and
  calls it `established'.

This way users that have the comment-match may use it and have a nice,
clean definition. All they really need to configure is the table and the
chain, everything else is done as in your patch. Users without that
match can still use the plugin, though not as comfortable.

Does that sound reasonable?

Regards,
-octo
-- 
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20070314/cf26e1db/attachment.pgp


More information about the collectd mailing list