What is the difference between -m conntrack --ctstate and -m state --state
I'm reading this howto, and there's something like this:
We can allow established sessions to receive traffic:
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The above rule has no spaces either side of the comma in ESTABLISHED,RELATED
If the line above doesn't work, you may be on a castrated VPS whose
provider has not made available the extension, in which case an
inferior version can be used as last resort:
$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Is there a significant difference in working between -m conntrack --ctstate and -m state --state? They say that one may not work, but they don't say why. Why should I prefer one over the other?
iptables
edited Jan 7 '14 at 8:41
slm♦
248k66515678
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
|
show 3 more comments
I'm reading this howto, and there's something like this:
We can allow established sessions to receive traffic:
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The above rule has no spaces either side of the comma in ESTABLISHED,RELATED
If the line above doesn't work, you may be on a castrated VPS whose
provider has not made available the extension, in which case an
inferior version can be used as last resort:
$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Is there a significant difference in working between -m conntrack --ctstate and -m state --state? They say that one may not work, but they don't say why. Why should I prefer one over the other?
iptables
edited Jan 7 '14 at 8:41
slm♦
248k66515678
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
Possible dup of serverfault.com/questions/358996/…
– John1024
Jan 7 '14 at 8:48
I see it, should I remove this question?
– Mikhail Morfikov
Jan 7 '14 at 8:52
After having it, is there some part of this question that remains unanswered? If so, I suggest refocusing this question on that part.
– John1024
Jan 7 '14 at 9:08
@John1024 - duplicates are only within a single SE site. It's perfectly fine to post similar questions on multiple SE sites so long as the Q's are within the rules governing a particular SE site!
– slm♦
Jan 7 '14 at 10:15
@MikhailMorfikov - your question, though similar to other Q's on other SE sites is perfectly fine here!
– slm♦
Jan 7 '14 at 10:17
|
show 3 more comments
I'm reading this howto, and there's something like this:
We can allow established sessions to receive traffic:
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The above rule has no spaces either side of the comma in ESTABLISHED,RELATED
If the line above doesn't work, you may be on a castrated VPS whose
provider has not made available the extension, in which case an
inferior version can be used as last resort:
$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Is there a significant difference in working between -m conntrack --ctstate and -m state --state? They say that one may not work, but they don't say why. Why should I prefer one over the other?
iptables
edited Jan 7 '14 at 8:41
slm♦
248k66515678
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
I'm reading this howto, and there's something like this:
We can allow established sessions to receive traffic:
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The above rule has no spaces either side of the comma in ESTABLISHED,RELATED
If the line above doesn't work, you may be on a castrated VPS whose
provider has not made available the extension, in which case an
inferior version can be used as last resort:
$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Is there a significant difference in working between -m conntrack --ctstate and -m state --state? They say that one may not work, but they don't say why. Why should I prefer one over the other?
iptables
iptables
edited Jan 7 '14 at 8:41
slm♦
248k66515678
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
edited Jan 7 '14 at 8:41
slm♦
248k66515678
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
edited Jan 7 '14 at 8:41
slm♦
248k66515678
edited Jan 7 '14 at 8:41
slm♦
248k66515678
edited Jan 7 '14 at 8:41
slm♦
248k66515678
248k66515678
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
asked Jan 7 '14 at 8:23
Mikhail MorfikovMikhail Morfikov
4,428124471
4,428124471
Possible dup of serverfault.com/questions/358996/…
– John1024
Jan 7 '14 at 8:48
I see it, should I remove this question?
– Mikhail Morfikov
Jan 7 '14 at 8:52
After having it, is there some part of this question that remains unanswered? If so, I suggest refocusing this question on that part.
– John1024
Jan 7 '14 at 9:08
@John1024 - duplicates are only within a single SE site. It's perfectly fine to post similar questions on multiple SE sites so long as the Q's are within the rules governing a particular SE site!
– slm♦
Jan 7 '14 at 10:15
@MikhailMorfikov - your question, though similar to other Q's on other SE sites is perfectly fine here!
– slm♦
Jan 7 '14 at 10:17
|
show 3 more comments
Possible dup of serverfault.com/questions/358996/…
– John1024
Jan 7 '14 at 8:48
I see it, should I remove this question?
– Mikhail Morfikov
Jan 7 '14 at 8:52
After having it, is there some part of this question that remains unanswered? If so, I suggest refocusing this question on that part.
– John1024
Jan 7 '14 at 9:08
@John1024 - duplicates are only within a single SE site. It's perfectly fine to post similar questions on multiple SE sites so long as the Q's are within the rules governing a particular SE site!
– slm♦
Jan 7 '14 at 10:15
@MikhailMorfikov - your question, though similar to other Q's on other SE sites is perfectly fine here!
– slm♦
Jan 7 '14 at 10:17
Possible dup of serverfault.com/questions/358996/…
– John1024
Jan 7 '14 at 8:48
Possible dup of serverfault.com/questions/358996/…
– John1024
Jan 7 '14 at 8:48
I see it, should I remove this question?
– Mikhail Morfikov
Jan 7 '14 at 8:52
I see it, should I remove this question?
– Mikhail Morfikov
Jan 7 '14 at 8:52
After having it, is there some part of this question that remains unanswered? If so, I suggest refocusing this question on that part.
– John1024
Jan 7 '14 at 9:08
After having it, is there some part of this question that remains unanswered? If so, I suggest refocusing this question on that part.
– John1024
Jan 7 '14 at 9:08
@John1024 - duplicates are only within a single SE site. It's perfectly fine to post similar questions on multiple SE sites so long as the Q's are within the rules governing a particular SE site!
– slm♦
Jan 7 '14 at 10:15
@John1024 - duplicates are only within a single SE site. It's perfectly fine to post similar questions on multiple SE sites so long as the Q's are within the rules governing a particular SE site!
– slm♦
Jan 7 '14 at 10:15
@MikhailMorfikov - your question, though similar to other Q's on other SE sites is perfectly fine here!
– slm♦
Jan 7 '14 at 10:17
@MikhailMorfikov - your question, though similar to other Q's on other SE sites is perfectly fine here!
– slm♦
Jan 7 '14 at 10:17
|
show 3 more comments
2 Answers
2
active
oldest
votes
I don't claim to be an expert with iptables rules but the first command is making use of the connection tracking extension (conntrack) while the second is making use of the state extension.
Data point #1
According to this document the conntrack extension superseded state.
Obsolete extensions:
• -m state: replaced by -m conntrack
Data point #2
Even so I found this SF Q&A titled: Firewall questions about state and policy? where the OP claimed to have asked this question on IRC in #iptables@freenode. After discussing it there he came to the conclusion that:
Technically the conntrack match supersedes - and so obsoletes - the state match. But practically the state match is not obsoleted in any way.
Data point #3
Lastly I found this SF Q&A titled: Iptables, what's the difference between -m state and -m conntrack?. The answer from this question is probably the best evidence and advice on how to view the usage of conntrack and state.
excerpt
Both use same kernel internals underneath (connection tracking
subsystem).
Header of xt_conntrack.c:
xt_conntrack - Netfilter module to match connection tracking
information. (Superset of Rusty's minimalistic state match.)
So I would say -- state module is simpler (and maybe less error
prone). It's also longer in kernel. Conntrack on the other side has
more options and features [1].
My call is to use conntrack if you need it's features, otherwise stick
with state module.
- Similar question on netfilter
maillist.
[1] Quite useful like
"-m conntrack --ctstate DNAT -j MASQUERADE"
routing/DNAT fixup ;-)
Data point #4
I found this thread from the netfilter@vger.kernel.org netfilte/iptables discussions, titled: state match is obsolete 1.4.17, which pretty much says that state is just an alias to conntrack so it doesn't really matter which you use, in both circumstances you're using conntrack.
excerpt
Actually, I have to agree. Why don't we keep "state" as an alias and
accept the old syntax in "conntrack"?
state is currently aliased and translated to conntrack in iptables
if the kernel has it. No scripts are broken.
If the aliasing is done in userspace, the kernel part can be removed -
someday maybe.
The aliasing is already done in userspace. One types in "state" and
it's converted into "conntrack" and that is then sent to the kernel.
(So as far as I see if the ipt_state, etc module aliases were added
to the conntrack module, even the state kernel module could be
removed.)
References
- Firewall questions about state and policy?
- iptables: differences using conntrack or state module
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
add a comment |
I am not an netfilter expert, but i looked into the iptables-extension man-page and suprise, there it is
The "state" extension is a subset of the "conntrack" module.
So state is a part of conntrack and just a simpler version of it if you really just need --state and non of the more fancy features of conntrack
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f108169%2fwhat-is-the-difference-between-m-conntrack-ctstate-and-m-state-state%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I don't claim to be an expert with iptables rules but the first command is making use of the connection tracking extension (conntrack) while the second is making use of the state extension.
Data point #1
According to this document the conntrack extension superseded state.
Obsolete extensions:
• -m state: replaced by -m conntrack
Data point #2
Even so I found this SF Q&A titled: Firewall questions about state and policy? where the OP claimed to have asked this question on IRC in #iptables@freenode. After discussing it there he came to the conclusion that:
Technically the conntrack match supersedes - and so obsoletes - the state match. But practically the state match is not obsoleted in any way.
Data point #3
Lastly I found this SF Q&A titled: Iptables, what's the difference between -m state and -m conntrack?. The answer from this question is probably the best evidence and advice on how to view the usage of conntrack and state.
excerpt
Both use same kernel internals underneath (connection tracking
subsystem).
Header of xt_conntrack.c:
xt_conntrack - Netfilter module to match connection tracking
information. (Superset of Rusty's minimalistic state match.)
So I would say -- state module is simpler (and maybe less error
prone). It's also longer in kernel. Conntrack on the other side has
more options and features [1].
My call is to use conntrack if you need it's features, otherwise stick
with state module.
- Similar question on netfilter
maillist.
[1] Quite useful like
"-m conntrack --ctstate DNAT -j MASQUERADE"
routing/DNAT fixup ;-)
Data point #4
I found this thread from the netfilter@vger.kernel.org netfilte/iptables discussions, titled: state match is obsolete 1.4.17, which pretty much says that state is just an alias to conntrack so it doesn't really matter which you use, in both circumstances you're using conntrack.
excerpt
Actually, I have to agree. Why don't we keep "state" as an alias and
accept the old syntax in "conntrack"?
state is currently aliased and translated to conntrack in iptables
if the kernel has it. No scripts are broken.
If the aliasing is done in userspace, the kernel part can be removed -
someday maybe.
The aliasing is already done in userspace. One types in "state" and
it's converted into "conntrack" and that is then sent to the kernel.
(So as far as I see if the ipt_state, etc module aliases were added
to the conntrack module, even the state kernel module could be
removed.)
References
- Firewall questions about state and policy?
- iptables: differences using conntrack or state module
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
add a comment |
I don't claim to be an expert with iptables rules but the first command is making use of the connection tracking extension (conntrack) while the second is making use of the state extension.
Data point #1
According to this document the conntrack extension superseded state.
Obsolete extensions:
• -m state: replaced by -m conntrack
Data point #2
Even so I found this SF Q&A titled: Firewall questions about state and policy? where the OP claimed to have asked this question on IRC in #iptables@freenode. After discussing it there he came to the conclusion that:
Technically the conntrack match supersedes - and so obsoletes - the state match. But practically the state match is not obsoleted in any way.
Data point #3
Lastly I found this SF Q&A titled: Iptables, what's the difference between -m state and -m conntrack?. The answer from this question is probably the best evidence and advice on how to view the usage of conntrack and state.
excerpt
Both use same kernel internals underneath (connection tracking
subsystem).
Header of xt_conntrack.c:
xt_conntrack - Netfilter module to match connection tracking
information. (Superset of Rusty's minimalistic state match.)
So I would say -- state module is simpler (and maybe less error
prone). It's also longer in kernel. Conntrack on the other side has
more options and features [1].
My call is to use conntrack if you need it's features, otherwise stick
with state module.
- Similar question on netfilter
maillist.
[1] Quite useful like
"-m conntrack --ctstate DNAT -j MASQUERADE"
routing/DNAT fixup ;-)
Data point #4
I found this thread from the netfilter@vger.kernel.org netfilte/iptables discussions, titled: state match is obsolete 1.4.17, which pretty much says that state is just an alias to conntrack so it doesn't really matter which you use, in both circumstances you're using conntrack.
excerpt
Actually, I have to agree. Why don't we keep "state" as an alias and
accept the old syntax in "conntrack"?
state is currently aliased and translated to conntrack in iptables
if the kernel has it. No scripts are broken.
If the aliasing is done in userspace, the kernel part can be removed -
someday maybe.
The aliasing is already done in userspace. One types in "state" and
it's converted into "conntrack" and that is then sent to the kernel.
(So as far as I see if the ipt_state, etc module aliases were added
to the conntrack module, even the state kernel module could be
removed.)
References
- Firewall questions about state and policy?
- iptables: differences using conntrack or state module
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
add a comment |
I don't claim to be an expert with iptables rules but the first command is making use of the connection tracking extension (conntrack) while the second is making use of the state extension.
Data point #1
According to this document the conntrack extension superseded state.
Obsolete extensions:
• -m state: replaced by -m conntrack
Data point #2
Even so I found this SF Q&A titled: Firewall questions about state and policy? where the OP claimed to have asked this question on IRC in #iptables@freenode. After discussing it there he came to the conclusion that:
Technically the conntrack match supersedes - and so obsoletes - the state match. But practically the state match is not obsoleted in any way.
Data point #3
Lastly I found this SF Q&A titled: Iptables, what's the difference between -m state and -m conntrack?. The answer from this question is probably the best evidence and advice on how to view the usage of conntrack and state.
excerpt
Both use same kernel internals underneath (connection tracking
subsystem).
Header of xt_conntrack.c:
xt_conntrack - Netfilter module to match connection tracking
information. (Superset of Rusty's minimalistic state match.)
So I would say -- state module is simpler (and maybe less error
prone). It's also longer in kernel. Conntrack on the other side has
more options and features [1].
My call is to use conntrack if you need it's features, otherwise stick
with state module.
- Similar question on netfilter
maillist.
[1] Quite useful like
"-m conntrack --ctstate DNAT -j MASQUERADE"
routing/DNAT fixup ;-)
Data point #4
I found this thread from the netfilter@vger.kernel.org netfilte/iptables discussions, titled: state match is obsolete 1.4.17, which pretty much says that state is just an alias to conntrack so it doesn't really matter which you use, in both circumstances you're using conntrack.
excerpt
Actually, I have to agree. Why don't we keep "state" as an alias and
accept the old syntax in "conntrack"?
state is currently aliased and translated to conntrack in iptables
if the kernel has it. No scripts are broken.
If the aliasing is done in userspace, the kernel part can be removed -
someday maybe.
The aliasing is already done in userspace. One types in "state" and
it's converted into "conntrack" and that is then sent to the kernel.
(So as far as I see if the ipt_state, etc module aliases were added
to the conntrack module, even the state kernel module could be
removed.)
References
- Firewall questions about state and policy?
- iptables: differences using conntrack or state module
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
I don't claim to be an expert with iptables rules but the first command is making use of the connection tracking extension (conntrack) while the second is making use of the state extension.
Data point #1
According to this document the conntrack extension superseded state.
Obsolete extensions:
• -m state: replaced by -m conntrack
Data point #2
Even so I found this SF Q&A titled: Firewall questions about state and policy? where the OP claimed to have asked this question on IRC in #iptables@freenode. After discussing it there he came to the conclusion that:
Technically the conntrack match supersedes - and so obsoletes - the state match. But practically the state match is not obsoleted in any way.
Data point #3
Lastly I found this SF Q&A titled: Iptables, what's the difference between -m state and -m conntrack?. The answer from this question is probably the best evidence and advice on how to view the usage of conntrack and state.
excerpt
Both use same kernel internals underneath (connection tracking
subsystem).
Header of xt_conntrack.c:
xt_conntrack - Netfilter module to match connection tracking
information. (Superset of Rusty's minimalistic state match.)
So I would say -- state module is simpler (and maybe less error
prone). It's also longer in kernel. Conntrack on the other side has
more options and features [1].
My call is to use conntrack if you need it's features, otherwise stick
with state module.
- Similar question on netfilter
maillist.
[1] Quite useful like
"-m conntrack --ctstate DNAT -j MASQUERADE"
routing/DNAT fixup ;-)
Data point #4
I found this thread from the netfilter@vger.kernel.org netfilte/iptables discussions, titled: state match is obsolete 1.4.17, which pretty much says that state is just an alias to conntrack so it doesn't really matter which you use, in both circumstances you're using conntrack.
excerpt
Actually, I have to agree. Why don't we keep "state" as an alias and
accept the old syntax in "conntrack"?
state is currently aliased and translated to conntrack in iptables
if the kernel has it. No scripts are broken.
If the aliasing is done in userspace, the kernel part can be removed -
someday maybe.
The aliasing is already done in userspace. One types in "state" and
it's converted into "conntrack" and that is then sent to the kernel.
(So as far as I see if the ipt_state, etc module aliases were added
to the conntrack module, even the state kernel module could be
removed.)
References
- Firewall questions about state and policy?
- iptables: differences using conntrack or state module
edited Apr 13 '17 at 12:13
Community♦
1
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
edited Apr 13 '17 at 12:13
Community♦
1
edited Apr 13 '17 at 12:13
Community♦
1
edited Apr 13 '17 at 12:13
Community♦
1
1
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
answered Jan 7 '14 at 10:16
slm♦slm
248k66515678
248k66515678
add a comment |
add a comment |
I am not an netfilter expert, but i looked into the iptables-extension man-page and suprise, there it is
The "state" extension is a subset of the "conntrack" module.
So state is a part of conntrack and just a simpler version of it if you really just need --state and non of the more fancy features of conntrack
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
add a comment |
I am not an netfilter expert, but i looked into the iptables-extension man-page and suprise, there it is
The "state" extension is a subset of the "conntrack" module.
So state is a part of conntrack and just a simpler version of it if you really just need --state and non of the more fancy features of conntrack
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
add a comment |
I am not an netfilter expert, but i looked into the iptables-extension man-page and suprise, there it is
The "state" extension is a subset of the "conntrack" module.
So state is a part of conntrack and just a simpler version of it if you really just need --state and non of the more fancy features of conntrack
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
I am not an netfilter expert, but i looked into the iptables-extension man-page and suprise, there it is
The "state" extension is a subset of the "conntrack" module.
So state is a part of conntrack and just a simpler version of it if you really just need --state and non of the more fancy features of conntrack
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
answered Jan 9 at 7:05
白川 マセル白川 マセル
111
111
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f108169%2fwhat-is-the-difference-between-m-conntrack-ctstate-and-m-state-state%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Possible dup of serverfault.com/questions/358996/…
– John1024
Jan 7 '14 at 8:48
I see it, should I remove this question?
– Mikhail Morfikov
Jan 7 '14 at 8:52
After having it, is there some part of this question that remains unanswered? If so, I suggest refocusing this question on that part.
– John1024
Jan 7 '14 at 9:08
@John1024 - duplicates are only within a single SE site. It's perfectly fine to post similar questions on multiple SE sites so long as the Q's are within the rules governing a particular SE site!
– slm♦
Jan 7 '14 at 10:15
@MikhailMorfikov - your question, though similar to other Q's on other SE sites is perfectly fine here!
– slm♦
Jan 7 '14 at 10:17