Have you got any packet counts for the DROPped rules?? I'm still a bit stumped on the

-A block -i ! eth0 -m state --state NEW -j ACCEPT

as what other devices do you have???

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

-----Original Message-----
From: christophe barbé [mailto:[EMAIL PROTECTED]]
Sent: Friday, 05 July 2002 8:57 AM
To: [EMAIL PROTECTED]
Subject: Re: simple rules and unexpected traffic

On Fri, Jul 05, 2002 at 12:54:36AM +0200, Jan Humme wrote:
> On Friday 05 July 2002 00:45, christophe barbé wrote:
> > On Fri, Jul 05, 2002 at 08:35:53AM +1000, George Vieira wrote:
> > > Yes I've found that some user space programs can see stuff before
> > > iptables.. tcpdump too I think...
> >
> > Yes it sounds logical for tcpdump or tools like that (which pass the
> > interface in promiscuous mode) to see everything. I was not expecting
> > the same from an unprivileged app like gkrellm.
> > It is still unclear for me what is the data processing path.
> >
> > Has someone a clear picture of the packets path ?
>
> It is no problem to open a socket and receive a copy of all raw packets
> before they get to the kernel iptables modules. See "man 7 packet" for
> details.
>
> I believe this is how tcpdump does it too.

Ok it sounds logical.
Now the question is what is dropping these packets ?
Apparently not rp_filter, and not netfilter because I see no log for it.

Christophe

>
> Jan Humme.

--
Christophe Barbé <[EMAIL PROTECTED]>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8 F67A 8F45 2F1E D72C B41E
Imagination is more important than knowledge.
   Albert Einstein, On Science
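
Added example, not part of the original thread: one way to answer the question about packet counts for the DROPped rules is to read the per-rule and per-chain counters from `iptables-save -c`. The dump below is constructed for illustration (only the "block" NEW rule is quoted from the thread), and the function name `drop_counters` is hypothetical.

```python
import re
import shlex

# Constructed `iptables-save -c` dump; only the "block" NEW rule is from the thread.
SAMPLE = """\
*filter
:INPUT DROP [37:2960]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [512:40960]
:block - [0:0]
[5:300] -A INPUT -i eth0 -p tcp --dport 23 -j DROP
[1204:98211] -A INPUT -j block
[1100:91000] -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
[67:4251] -A block -i ! eth0 -m state --state NEW -j ACCEPT
COMMIT
"""

# ":CHAIN POLICY [packets:bytes]" and "[packets:bytes] -A CHAIN rule-spec"
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")


def drop_counters(dump):
    """List every place packets can be dropped, busiest first."""
    hits = []
    for line in dump.splitlines():
        line = line.strip()
        chain_m = CHAIN_RE.match(line)
        if chain_m:
            chain, policy, pkts, _ = chain_m.groups()
            if policy == "DROP":  # built-in chain whose default policy drops
                hits.append({"chain": chain, "kind": "policy",
                             "packets": int(pkts), "rule": None})
            continue
        rule_m = RULE_RE.match(line)
        if not rule_m:
            continue  # table header, COMMIT, comments
        pkts, _, chain, spec = rule_m.groups()
        args = shlex.split(spec)  # handles quoted values such as --log-prefix
        for flag in ("-j", "--jump"):
            if flag in args[:-1] and args[args.index(flag) + 1] == "DROP":
                hits.append({"chain": chain, "kind": "rule",
                             "packets": int(pkts), "rule": spec})
    return sorted(hits, key=lambda h: -h["packets"])


if __name__ == "__main__":
    for hit in drop_counters(SAMPLE):
        print(f'{hit["packets"]:>6}  {hit["chain"]:<8} {hit["kind"]:<6} '
              f'{hit["rule"] or "(chain policy)"}')
```

A chain-policy DROP increments its counter without ever producing a LOG line, so a nonzero policy counter is one place packets can disappear with nothing in the log.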
