[EMAIL PROTECTED] wrote:
> The final remaining problem is with the 3 statements scattered
> through the rules...
>
> -A ICMP_IN -p icmp -m state --state NEW -j UNSOLICITED
> -A TCP_IN -p tcp -m state --state NEW -m tcp -j UNSOLICITED
> -A UDP_IN -p udp -m state --state NEW -j UNSOLICITED

The "-m tcp" is a typo, yes? The setting you might be missing is
CONFIG_NF_CONNTRACK_IPV4=y. Grep through your .config and compare:

# grep ^CONF /usr/src/linux/.config | grep -e _NF -e NETFILTER
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y

Benno
--
[EMAIL PROTECTED] mailing list
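
Added example, not part of the original message: a shell function that automates the "grep and compare" step by checking a kernel .config against the option list in the reply and reporting each option that is not built in. The names check_nf_config and sample_config and the sample data are constructed; the option list is copied from the reply and reflects that kernel's symbol names.

```shell
# Added example (not from the original message): compare a kernel .config
# against the option list in the reply's grep output (all shown there as =y).
NF_OPTS="CONFIG_NETFILTER CONFIG_NETFILTER_DEBUG CONFIG_NF_CONNTRACK_ENABLED
CONFIG_NF_CONNTRACK_SUPPORT CONFIG_NF_CONNTRACK CONFIG_NETFILTER_XTABLES
CONFIG_NETFILTER_XT_TARGET_NFLOG CONFIG_NETFILTER_XT_MATCH_MULTIPORT
CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_NF_CONNTRACK_IPV4
CONFIG_NF_CONNTRACK_PROC_COMPAT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_LOG CONFIG_NF_NAT CONFIG_NF_NAT_NEEDED
CONFIG_IP_NF_TARGET_MASQUERADE"

# check_nf_config FILE: print "<option> <status>" for every listed option
# that is not =y (status is module, disabled or missing). Returns 0 if all
# are built in, 1 if any is not, 2 if FILE is unreadable.
check_nf_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    status=0
    for opt in $NF_OPTS; do
        if grep -q "^${opt}=y\$" "$cfg"; then continue; fi
        if grep -q "^${opt}=m\$" "$cfg"; then
            echo "$opt module"      # built as a module, not into the kernel
        elif grep -q "^# ${opt} is not set\$" "$cfg"; then
            echo "$opt disabled"    # explicitly switched off
        else
            echo "$opt missing"     # no line for this symbol in FILE
        fi
        status=1
    done
    return $status
}

# Constructed sample .config fragment (not taken from the thread).
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_NF_CONNTRACK_IPV4 is not set
CONFIG_IP_NF_IPTABLES=y
EOF
}

# With an argument, check that file; otherwise run on the sample.
if [ $# -gt 0 ]; then
    check_nf_config "$1"
else
    tmp=$(mktemp); sample_config > "$tmp"
    check_nf_config "$tmp" || true; rm -f "$tmp"
fi
```

Run it as `sh script.sh /usr/src/linux/.config`; an exit status of 0 means every option in the list is set to =y.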

