Is there an online guide giving details about how to verify that a rule set does what you want, and how to figure out what's wrong when it's doing something else?
I've found that using the log tcpdump combination has a tendency to either produce litte, or alternately an avalance. Also, log tells you what is happening, but not what can happen.
