- To: Danny Yee <danny@xxxxxxxxxxxxxxxxxxx>, slug@xxxxxxxxxxx
- Subject: Re: [SLUG] ipchains question
- From: Crossfire <xfire@xxxxxxxx>
- Date: Wed Feb 21 18:10:02 2001
- User-agent: Mutt/1.2.5i
Danny Yee was once rumoured to have said:
> When I try to turn firewalling on, I'm having long DNS delays, and reports
> like this in my logfile
Then something is wrong.
> Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17 129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 I=19120 F=0x4022 T=252 (#17)
> (with actual IP addresses #ed)
That's just a log entry for a packet that failed to match.. big loss.
>
> But ipchains -L reports
[partial rules snipped]
>
> Can someone tell me what I'm doing wrong?
If you gave us the full ruleset, we might be able to tell you.
The key thing to remember with ipchains is that it uses first match,
unlike {Net,Open}BSD's ipf which use last match.
C.
--
--==============================================--
Crossfire | This email was brought to you
xfire@xxxxxxxx | on 100% Recycled Electrons
--==============================================--
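Added example, not part of the original thread and not code from ipchains or ipf: a small Python simulator that runs the same two-rule UDP ruleset under first-match evaluation (ipchains) and under last-match evaluation (ipf without the "quick" keyword), so the effect of rule order described above can be seen directly, plus a parser for the "Packet log:" line quoted in the question. The names Rule, Packet, first_match, last_match and parse_log are mine; the ruleset is constructed for illustration; treating F= as the raw 16-bit IP fragment field and 65535 as the port ipchains prints for a non-first fragment are assumptions, marked as such in the comments.

```python
"""First-match (ipchains) versus last-match (ipf) rule evaluation, plus an
ipchains "Packet log:" parser.  Added example; ruleset and helpers are
constructed for illustration, not taken from any firewall's source."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Verdict = Tuple[str, Optional[int]]   # (target, index of deciding rule or None)


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: int      # IP protocol number, 17 = UDP
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT" or "DENY"
    iface: Optional[str] = None    # None means "any"
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        pairs = ((self.iface, pkt.iface), (self.proto, pkt.proto),
                 (self.sport, pkt.sport), (self.dport, pkt.dport))
        return all(want is None or want == got for want, got in pairs)


def first_match(rules: List[Rule], pkt: Packet, policy: str = "DENY") -> Verdict:
    """ipchains semantics: the first rule that matches decides; otherwise the
    chain policy applies."""
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.target, idx
    return policy, None


def last_match(rules: List[Rule], pkt: Packet, policy: str = "DENY") -> Verdict:
    """ipf semantics (no 'quick'): every rule is examined and the last one
    that matches decides; otherwise the default policy applies."""
    verdict: Verdict = (policy, None)
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            verdict = (rule.target, idx)
    return verdict


# Constructed ruleset written the ipf way: general DENY first, the specific
# exception (DNS replies from source port 53) last.
IPF_STYLE = [
    Rule("DENY", iface="ppp0", proto=17),
    Rule("ACCEPT", iface="ppp0", proto=17, sport=53),
]
# The same two rules in the order ipchains needs them.
IPCHAINS_STYLE = list(reversed(IPF_STYLE))

DNS_REPLY = Packet(iface="ppp0", proto=17, sport=53, dport=1025)

# The log line quoted in the question, with the masked octets kept as '###'.
SAMPLE_LOG = ("Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 "
              "PROTO=17 129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 "
              "I=19120 F=0x4022 T=252 (#17)")

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)")


def parse_log(line: str) -> dict:
    """Split one ipchains 'Packet log:' line into its fields.
    Assumption: F= is the raw 16-bit IP fragment field, so bit 14 is DF,
    bit 13 is MF and the low 13 bits are the offset in 8-byte units.
    Assumption: ipchains prints 65535 as both ports when the packet is a
    non-first fragment and no transport header is present."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an ipchains Packet log line: %r" % line)
    d = m.groupdict()
    frag = int(d["frag"], 16)
    offset = frag & 0x1FFF
    return {
        "chain": d["chain"], "target": d["target"], "iface": d["iface"],
        "proto": int(d["proto"]), "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]), "length": int(d["length"]),
        "tos": int(d["tos"], 16), "ipid": int(d["ipid"]), "ttl": int(d["ttl"]),
        "df": bool(frag & 0x4000), "mf": bool(frag & 0x2000),
        "frag_offset": offset, "non_first_fragment": offset != 0,
        "rule": int(d["rule"]),
    }


if __name__ == "__main__":
    for name, rules in (("ipf-style order", IPF_STYLE), ("ipchains order", IPCHAINS_STYLE)):
        print(name, "first-match:", first_match(rules, DNS_REPLY),
              "last-match:", last_match(rules, DNS_REPLY))
    print(parse_log(SAMPLE_LOG))
```

Running it shows the trap the reply points at: the ipf-style ordering accepts the DNS reply under last-match but denies it under first-match, since the broad DENY is hit first and evaluation stops there. The parser also reports that the quoted packet is a non-first fragment (offset 34, i.e. 272 bytes into the datagram), which is consistent with the 65535 pseudo-ports in the line.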