> Hey Guys, > > Just to clear up, I placed the DROP rules above the state ACCEPT rules > in my firewall script and now it seems to be working. This is > interesting, I think. > > Thanks for your help anyway guys and if you can explain to me why this > is I'd appreciate it. > > Lucas
This is because Linux takes action on a packet by the first fully matched rule. You want to have all your DROP statements first, instead of -A (append) use -I (insert) the default rulenumber for -I is 1. So any rule that inserts a rule goes to the top of the chain. Cheers, -- Lance Levsen, Systems Administrator, PWGroup - Saskatoon
