Hello,

OK, for people who are having trouble with UDP. Firstly, user-defined UDP protocols _do_not_ require an explicit iptables rule for allowing reply packets. Reply packets are handled by iptables' connection tracking feature. This is what these lines do:

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

UDP has worked fine in Guarddog for quite a few years now.

What I want is for people who are having trouble to try to contact their teamspeak/UDP server with their client software, wait 5 seconds and then execute this command in shell:

    cat /proc/net/ip_conntrack > ~/ip_conntrack.txt

(you probably want to queue this up first in your shell :-) ).

Then email me ([EMAIL PROTECTED], *not* this list) these files/info:

* ~/ip_conntrack.txt
* /etc/rc.firewall (your firewall script)
* the firewall log messages in /var/log/messages (showing the UDP packet being stopped).
* your kernel version.
* the output of "lsmod" command ( lsmod > ~/lsmod.txt )
* the distribution you are using

We are trying to figure out why UDP connection tracking isn't working.

cheers,

-- 
Simon Edwards             | Guarddog Firewall
[EMAIL PROTECTED]         | http://www.simonzone.com/software/
Nijmegen, The Netherlands | "ZooTV? You made the right choice."
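
Added example, not part of the original message or of Guarddog: a shell helper that reads a saved ~/ip_conntrack.txt dump and reports whether connection tracking holds an entry for a given UDP destination port and whether a reply was seen. The function names, the sample dump and the ports in it (8767, 53, 9987) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/net/ip_conntrack format (addresses and ports are made up).
write_sample() {
    cat > "$1" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.7 sport=40000 dport=22 src=192.0.2.7 dst=192.168.1.10 sport=22 dport=40000 [ASSURED] use=1
udp      17 25 src=192.168.1.10 dst=203.0.113.5 sport=32768 dport=8767 [UNREPLIED] src=203.0.113.5 dst=192.168.1.10 sport=8767 dport=32768 use=1
udp      17 170 src=192.168.1.10 dst=192.168.1.1 sport=32769 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=32769 [ASSURED] use=1
EOF
}

# Usage: udp_conntrack_status FILE PORT
# Prints one word: missing | unreplied | replied
udp_conntrack_status() {
    awk -v port="$2" '
        $1 == "udp" {
            # Each entry lists the original direction first, then the expected
            # reply, so only the first dport= field is the client -> server port.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dport=/) {
                    if ($i == ("dport=" port)) {
                        seen = 1
                        if ($0 ~ /\[UNREPLIED\]/) unreplied = 1
                        else replied = 1
                    }
                    break
                }
            }
        }
        END {
            if (!seen)        print "missing"
            else if (replied) print "replied"
            else              print "unreplied"
        }
    ' "$1"
}

# Demo on the constructed sample; point it at ~/ip_conntrack.txt for a real dump.
sample=$(mktemp)
write_sample "$sample"
for p in 8767 53 9987; do
    echo "udp/$p: $(udp_conntrack_status "$sample" "$p")"
done
rm -f "$sample"
```

"unreplied" means the outgoing packet was tracked but connection tracking has seen no reply for it, while "replied" means traffic was seen in both directions. "missing" means the dump holds no UDP entry for that port at all.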