iptables ACCEPT [0:0] brackets

So lately I have been working a lot more with Linux networking. Consider an iptables configuration like this:

:OUTPUT ACCEPT [7752:8249066]
-A RH-Firewall-1-FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT 
-A RH-Firewall-1-FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A RH-Firewall-1-FORWARD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
# Completed on Fri Nov 21 15:44:47 2014

Ever noticed the brackets right next to the chain? What are those? What do the numbers mean?

:OUTPUT ACCEPT [7752:8249066]

The answer is pretty easy and pretty obvious in hindsight. These numbers report

  • packet counter for the chain
  • byte counter for the chain

So in our example above, the OUTPUT chain matched 7752 packets and 8249066 bytes.

[FATAL] PRVF-0002 : Could not retrieve local nodename

During a silent Oracle 12c Release 1 database installation on a newly set up Oracle Enterprise Linux box, I encountered the following error when performing the installation:

[oracle@pandora database]$ ./runInstaller -silent -responseFile /home/oracle/database/response/kdb.rsp 
Starting Oracle Universal Installer...

Checking Temp space: must be greater than 500 MB.   Actual 45136 MB    Passed
Checking swap space: must be greater than 150 MB.   Actual 4031 MB    Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2013-06-27_12-11-01AM. Please wait ...
[oracle@pandora database]$ [FATAL] PRVF-0002 : Could not retrieve local nodename
A log of this session is currently saved as: [..]

But when I checked the hostname, everything seems to be just fine, I even get the FQDN:

Read the rest of this entry

NMAP through VPN

When I tried to run a scan with NMAP over my VPN connection, I received the following error:

PS C:\> nmap -sP
Starting Nmap 5.21 ( http://nmap.org ) at 2010-11-18 09:35 W. Europe Standard Time
nexthost: Failed to determine dst MAC address for target

Alright… A quick search with Google revealed the following topic: http://seclists.org/nmap-dev/2008/q1/81.

Read the rest of this entry

Hello world

My name is Simon Krenger, I am a Technical Account Manager (TAM) at Red Hat. I advise our customers in using Kubernetes, Containers, Linux and Open Source.


  1. GitHub
  2. LinkedIn
  3. GitLab