[EMAIL PROTECTED] wrote:
> Done. Changed Rule 18 to "block in quick log all". All other rules use
> "quick".
> Still blocking trusted hosts.
Sure, now any rules after it will *never* get matched. Move that 'block in quick log all' to the end of the rules.

It seems you're deciding to go on the first-match rule system. This is what most people do, but you have to consider your rules from that perspective - the first one to match goes.

As someone else pointed out, you're only matching on 'flags S', and the packet that was getting blocked was NOT flags S. That means some *other* packet would have needed to set up the connection with "flags S". If you want connections to be able to start in the middle, then drop the "flags S".

-- 
Phil Dibowitz                             [EMAIL PROTECTED]
Open Source software and tech docs        Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
 Never do it in 'awk' if 'sed' can handle it;
 Never use 'sed' when 'tr' can do the job;
 Never invoke 'tr' when 'cat' is sufficient;
 Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming
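The two points in the reply above (a `quick` catch-all block placed first shadows every rule after it, and a `pass ... flags S` rule only admits the packet that opens a connection) are easy to check with a first-match simulator. The following is an added example, not code from the thread or from any firewall; it models a simplified rule syntax of its own (`action direction [quick] [log] (all | from X to Y) [flags F]`), treats `flags S` as "the packet's TCP flags are exactly S" without the real firewalls' `flags X/Y` mask form, assumes a default of pass when no rule matches, and uses constructed addresses from the 192.0.2.0/24 and 203.0.113.0/24 documentation ranges.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str              # "pass" or "block"
    direction: str           # "in" or "out"
    quick: bool = False      # stop evaluating at this rule if it matches
    log: bool = False
    src: str = "any"
    dst: str = "any"
    flags: Optional[str] = None   # TCP flags the packet must carry, e.g. "S"


def parse_rule(text: str) -> Rule:
    """Parse the simplified rule syntax assumed by this example."""
    tokens = text.split()
    rule = Rule(action=tokens[0], direction=tokens[1])
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "quick":
            rule.quick = True
        elif tok == "log":
            rule.log = True
        elif tok == "all":
            pass                                  # matches any src/dst
        elif tok in ("from", "to", "flags"):
            value = tokens[i + 1]
            i += 1
            if tok == "from":
                rule.src = value
            elif tok == "to":
                rule.dst = value
            else:
                rule.flags = value
        else:
            raise ValueError(f"unsupported token {tok!r}")
        i += 1
    return rule


@dataclass
class Packet:
    direction: str
    src: str
    dst: str
    flags: str = ""          # TCP flags set on the packet, e.g. "S" or "A"


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction:
        return False
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    # Simplification: "flags S" requires the packet's flag set to be exactly {S}.
    if rule.flags is not None and set(rule.flags) != set(pkt.flags):
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet,
             default: str = "pass") -> Tuple[str, Optional[int], bool]:
    """Return (action, index of deciding rule, logged).

    Last matching rule wins unless a matching rule is 'quick', which ends
    evaluation immediately (first-match behaviour when every rule is quick).
    """
    winner, index = None, None
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            winner, index = rule, i
            if rule.quick:
                break
    if winner is None:
        return default, None, False          # assumed default: pass
    return winner.action, index, winner.log


TRUSTED = "192.0.2.10"      # constructed "trusted host" address

# Constructed ruleset mirroring the thread: quick catch-all block placed FIRST.
BAD_ORDER = [parse_rule(r) for r in (
    "block in quick log all",
    f"pass in quick from {TRUSTED} to any flags S",
)]
# Same rules, with the catch-all block moved to the end as the reply advises.
GOOD_ORDER = [parse_rule(r) for r in (
    f"pass in quick from {TRUSTED} to any flags S",
    "block in quick log all",
)]
# As GOOD_ORDER but with "flags S" dropped, so mid-connection packets also pass.
NO_FLAGS_ORDER = [parse_rule(r) for r in (
    f"pass in quick from {TRUSTED} to any",
    "block in quick log all",
)]
# No "quick" anywhere: last match wins, so the later pass overrides the block.
LAST_MATCH = [parse_rule(r) for r in (
    "block in log all",
    f"pass in from {TRUSTED} to any",
)]

SYN_FROM_TRUSTED = Packet("in", TRUSTED, "203.0.113.5", "S")   # opens a connection
ACK_FROM_TRUSTED = Packet("in", TRUSTED, "203.0.113.5", "A")   # mid-connection
SYN_FROM_OTHER = Packet("in", "198.51.100.7", "203.0.113.5", "S")

if __name__ == "__main__":
    for name, rules in (("BAD_ORDER", BAD_ORDER), ("GOOD_ORDER", GOOD_ORDER),
                        ("NO_FLAGS_ORDER", NO_FLAGS_ORDER), ("LAST_MATCH", LAST_MATCH)):
        for pkt in (SYN_FROM_TRUSTED, ACK_FROM_TRUSTED, SYN_FROM_OTHER):
            print(name, pkt.flags or "-", pkt.src, "->", evaluate(rules, pkt))
```

Running it shows the trusted host's SYN blocked by rule 0 of `BAD_ORDER` (the pass rule is never consulted), passed by `GOOD_ORDER`, and the same host's mid-connection ACK still blocked by `GOOD_ORDER` until `flags S` is removed. `LAST_MATCH` is there to contrast the default last-match evaluation with the first-match behaviour that `quick` on every rule produces.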
