From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1NkeLi-0002xP-6s for garchives@archives.gentoo.org; Thu, 25 Feb 2010 14:05:54 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C62F0E09BF for ; Thu, 25 Feb 2010 14:05:53 +0000 (UTC) Received: from mx1.linuxant.fr (mx1.linuxant.fr [87.98.143.218]) by pigeon.gentoo.org (Postfix) with ESMTP id DF2EBE0E82 for ; Thu, 25 Feb 2010 13:32:27 +0000 (UTC) Received: from [192.168.1.101] (93-136-174-234.adsl.net.t-com.hr [93.136.174.234]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: xavier) by mx1.linuxant.fr (Postfix) with ESMTPSA id 4930B3A8F for ; Thu, 25 Feb 2010 14:32:30 +0100 (CET) X-DKIM: Sendmail DKIM Filter v2.8.3 mx1.linuxant.fr 4930B3A8F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gentooist.com; s=DKIM; t=1267104750; bh=yqgfUgYr+tjwyA94r8ZRmHQqIs26pM/bRXVQik7lLrc=; l=1836; h=Message-ID:Date:From:Reply-To:MIME-Version:To:Subject:References: In-Reply-To:Content-Type; b=nFBsDxIcPfcbj0zsXsFnSmeH/jncACqaENxNjYtYxwtlLzqPKNw/qMj+xDpol6WbS rbVPsdmDVjKvoEP5EbqUBVbES7wjGPlrWVdT7rLLn6+u7id7YaoAjnhOgdgNCbNFnd xjrKkLR/R9fSJ74FsisW+ABpJ4Wud94m1Je+Tr4k= X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mx1.linuxant.fr 4930B3A8F DomainKey-Signature: a=rsa-sha1; s=DomainKey; d=gentooist.com; c=nofws; q=dns; h=message-id:date:from:reply-to:user-agent:mime-version:to: subject:references:in-reply-to:x-enigmail-version:content-type; b=PBYA1PHMTLtvOdTTvwGIE6XpECNFQ3tOQhzTpzxdnxiMB9wWhWkSfO3J4NkwuJTYc /iyHxyU2xIzDksC0xH1U4gZhtr+mKYp8Tp/E5OVGo/EhGm1fdX1suHAsCtl2/3fH6xR F3xum2tKCbUGUlfxdhySAfpMymoUMHBX2Lp+V7Y= Message-ID: <4B867B94.1010904@gentooist.com> Date: Thu, 25 Feb 2010 14:31:00 +0100 From: Xavier Parizet User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.7) Gecko/20100217 Lightning/1.0b2pre Thunderbird/3.0.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [QA] The 'dropped' value in /sbin/ifconfig output References: <1e8a3dd1002250511q377f8e4bqd8091ead60482dbb@mail.gmail.com> In-Reply-To: <1e8a3dd1002250511q377f8e4bqd8091ead60482dbb@mail.gmail.com> X-Enigmail-Version: 1.0.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig752665BAEE542C9FCBC7F501" X-Archives-Salt: a4abe1c0-831c-42d7-87a9-ea1cecb4dec6 X-Archives-Hash: 3be516ba8251ef2364dbd91e201d2bd5 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig752665BAEE542C9FCBC7F501 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 02/25/2010 02:11 PM, Kan-I Jyo wrote: > Dear list, >=20 > This might be too fundamental to answer, but I would like to know > when will the 'dropped' value in the output of /sbin/ifconfig be counte= d up. >=20 > I have tried setting up a firewall using iptables with a very simple ru= le like > the following: >=20 > > # iptables -A INPUT -p tcp --dport 80 -j DROP >=20 > When trying to connect from the other host through tcp port 80, there > was no response, which is expected. >=20 > However, the 'dropped' value was note added up even the packet is dropp= ed. Well, you're talking about two different things: the dropped value in ifconfig output is related to Ethernet packet which would be dropped by hardware. The target DROP of iptables tells to the kernel to drop the packet at software level. If you want to see the dropped packet statistics on software level (ie iptables), run iptables -v -L . > Any comment would be greatly appreciated. --=20 Xavier Parizet YaGB : http://gentooist.com GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF --------------enig752665BAEE542C9FCBC7F501 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuGe5oACgkQ9ubfZRVpkb8buACfdcfnSyZ0fdATLWiQsoBxCzOC hv0AnjGhCQaUwAWLf9LWPZvah1fr84jc =ZLoa -----END PGP SIGNATURE----- --------------enig752665BAEE542C9FCBC7F501--