George Vieira was once rumoured to have said:
> hey all,
>
> I thought I was starting to get an understanding of iptables when I stumbled
> on this problem.
>
[snip]
> The other thing weird is that my rules aren't DROPPING non allowed packets
> and yet my rules appear quite strict.. I usually ACCEPT on the OUTPUT and
> FORWARD (-P) rules.. I explicitly specify as much rule matching as possible
> to eliminate the possibility of accidentally accepting when it shouldn't ie.
> "-A INPUT -i eth1 -d 203.x.x.x" ouch.. Anything I want passed through I make
> the rules as explicit as possible.

It sounds like you're being snared by the fact that forwarded packets do
not pass through the INPUT ruleset in iptables, which is different
behaviour to ipchains.

C.
--
--==============================================--
  Crossfire         | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
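
The chain behaviour described in the reply can be checked mechanically. The following is an added example, not part of the original thread: a small audit over iptables-save output that flags INPUT rules whose destination is not one of the firewall's own addresses, plus a FORWARD chain left at policy ACCEPT with no rules. The function name audit, the sample ruleset and the address list are assumptions constructed for illustration; 203.0.113.x stands in for the masked 203.x.x.x, and broadcast destinations are not modelled.

```python
import ipaddress

# Constructed sample in iptables-save format (not from the thread).
# 203.0.113.0/24 is a documentation range standing in for the masked 203.x.x.x.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -d 203.0.113.1/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -d 203.0.113.20/32 -p tcp --dport 25 -j ACCEPT
-A INPUT -i eth1 -d 203.0.113.20/32 -j DROP
COMMIT
"""
# Assumed addresses owned by the firewall itself; .20 is a host behind it.
LOCAL_ADDRS = ["203.0.113.1", "192.168.0.1", "127.0.0.1"]


def audit(ruleset, local_addrs):
    """Flag filter-table rules that cannot see routed (forwarded) packets."""
    local = [ipaddress.ip_address(a) for a in local_addrs]
    policy, forward_rules, findings, table = {}, 0, [], None
    for line in ruleset.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].startswith("*"):          # table header, e.g. *filter
            table = tok[0][1:]
        elif table != "filter":
            continue
        elif tok[0].startswith(":"):        # chain policy, e.g. :FORWARD ACCEPT
            policy[tok[0][1:]] = tok[1]
        elif tok[:2] == ["-A", "FORWARD"]:
            forward_rules += 1
        elif tok[:2] == ["-A", "INPUT"] and "-d" in tok:
            i = tok.index("-d")
            if "!" in (tok[i - 1], tok[i + 1]):   # negated match: skip
                continue
            dest = ipaddress.ip_network(tok[i + 1], strict=False)
            # INPUT only sees packets addressed to the box itself.
            if not dest.is_multicast and not any(a in dest for a in local):
                findings.append("INPUT rule cannot match routed traffic: " + line)
    if policy.get("FORWARD") == "ACCEPT" and forward_rules == 0:
        findings.append("FORWARD policy ACCEPT with no rules: routed packets unfiltered")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULESET, LOCAL_ADDRS):
        print(finding)
```

Rules flagged this way belong in the FORWARD chain, and the FORWARD policy should be DROP if the intent is to pass only explicitly allowed traffic.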
