Hello!

Maybe I'm missing something obvious because I haven't looked any closer
at this, but to me the Debian sshguard bug report #495683 seems bogus!

AFAIK the default action of a "non-builtin" chain (the ones you create yourself)
is to RETURN. No need to explicitly append a last entry jumping to RETURN.

Try for example:

iptables -N TEST
iptables -A TEST -j LOG --log-prefix "TEST"
iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 12345 -j TEST
iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 12345 -j LOG --log-prefix "NOTEST"
iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 12345 -j DROP

On one console run:
nc -l 12345 

On a second run:
nc localhost 12345

Check /var/log/messages and see the log message from the TEST chain, followed
by the log message NOTEST from when the filtering has returned to the INPUT
chain again. Finally, the INPUT rule to DROP is the final destination.

I don't see there's anything to NMU here, OTOH I don't object to removing
unmaintained packages either.
Please enlighten me on what I have missed in the sshguard case that makes it
special!

-- 
Andreas Henriksson
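
Added example, not part of the original message: a small Python model of iptables rule traversal, run over the TEST/INPUT rules from the message, comparing a user-defined chain with and without a trailing -j RETURN rule. The model is a simplification that assumes every rule matches the packet; traverse, ruleset and the other names are hypothetical.

```python
# Simplified model of iptables rule traversal (constructed for illustration;
# it ignores match criteria and treats every rule as matching the packet).
TERMINATING = {"ACCEPT", "DROP"}

def traverse(chains, policies, start="INPUT"):
    """Return (verdict, trace) for one packet entering built-in chain `start`."""
    trace = []

    def run(name):
        for target, arg in chains[name]:
            if target == "LOG":            # non-terminating: record and continue
                trace.append(arg)
            elif target in TERMINATING:    # verdict reached, traversal stops
                return target
            elif target == "RETURN":       # explicit return to the calling chain
                return None
            else:                          # jump into a user-defined chain
                verdict = run(target)
                if verdict is not None:
                    return verdict
        return None                        # fell off the end: implicit return

    verdict = run(start)
    if verdict is None:                    # end of a built-in chain: policy applies
        verdict = policies[start]
    return verdict, trace

def ruleset(explicit_return):
    """The rules from the message, optionally with '-A TEST -j RETURN' appended."""
    test = [("LOG", "TEST")]
    if explicit_return:
        test.append(("RETURN", None))
    return {
        "TEST": test,
        "INPUT": [("TEST", None), ("LOG", "NOTEST"), ("DROP", None)],
    }

POLICIES = {"INPUT": "ACCEPT"}
WITHOUT = traverse(ruleset(False), POLICIES)
WITH = traverse(ruleset(True), POLICIES)

if __name__ == "__main__":
    print("without explicit RETURN:", WITHOUT)
    print("with explicit RETURN:   ", WITH)
```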
