On Fri, 1 Mar 2002, Peter Rabbitson wrote: > Hi everyone. I am having a very hard time making iptables match any rules containing >-p 47 (regardles of type of -j action). > And looking through other postings I come to the conclusion that iptables is >supposed to support protocols other than TCP > UDP and ICMP. I am useing kernel 2.4.18 right now, the same behavior is experienced >with .17. Iptables is 1.2.5. Any help > would be greatly appreciated. > Peter > > P.S. I cannot even make GRE to the LOG target to have any idea what the packets look >like to ipt.
Chain INPUT (policy ACCEPT 644 packets, 97672 bytes) pkts bytes target prot opt in out source destination 597 97074 47 -- * * 0.0.0.0/0 0.0.0.0/0 I can match GRE packets. But I've noticed that if I put this rule _after_ a rule that matches all ESTABLISHED packets then it's never matched. Maybe it's been the case for me that there have been GRE packets (3 tunnels) after ip_conntrack is loaded but before the rules have been added and then all GRE packets from these tunnels will be ESTABLISHED. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience.
