Hi,

I think that your problem may be that you have the DROP rule before the ACCEPT rule in your INPUT chain. If you entered the commands in the same order that you emailed us, the packet will be dropped. If you take a look at your tables (iptables -L -n -v), the first rule that matches the packet will be executed. (You can see in the counters which rule the packet uses; with -Z the counters will be restarted.)

To put a rule first in a chain you should use the -I option instead of -A. For example:

    iptables -I INPUT -s lan-machine -j ACCEPT

I hope that I helped you.

Regards,
Matias Lambert
OSInet Comunicaciones
Datacom & IT support
Argentina
www.osinet.com.ar

inflo wrote:
> Hi, when I set the INPUT policy of DROP and then insert a rule
> -A INPUT -s lan-machine -j ACCEPT, the LAN machine normally must be able
> to ping the firewalled machine? With this syntax the -p option is set to
> "all" by default, so icmp is also found under "all", or am I wrong?
> Thanks for the help, and much fun.
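
Added example (not part of the original messages): a small Python model of first-match evaluation over `iptables -S INPUT` style output, showing why an ACCEPT appended after a DROP rule never fires and why inserting it first does. The two rulesets and the address 192.168.1.10 standing in for lan-machine are constructed; only simple -s, -p and -j options are modelled.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S INPUT` format: a catch-all DROP was added
# first, then the ACCEPT for the LAN host was appended with -A, so it is last.
APPENDED = """\
-P INPUT DROP
-A INPUT -j DROP
-A INPUT -s 192.168.1.10/32 -j ACCEPT
"""

# Constructed sample: the same ACCEPT placed first, as -I INPUT would do.
INSERTED = """\
-P INPUT DROP
-A INPUT -s 192.168.1.10/32 -j ACCEPT
-A INPUT -j DROP
"""

def parse(ruleset):
    """Return (policy, rules); each rule holds a source net, protocol, target."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":
            policy = tok[2]
        elif tok[0] == "-A":
            # Assumption: options after the chain name are "-x value" pairs.
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.append({
                "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
                "proto": opts.get("-p", "all"),  # no -p means all protocols
                "target": opts["-j"],
            })
    return policy, rules

def verdict(ruleset, src, proto):
    """Walk the chain top-down; the first matching rule decides, else the policy."""
    policy, rules = parse(ruleset)
    for number, rule in enumerate(rules, start=1):
        in_net = ipaddress.ip_address(src) in rule["src"]
        if in_net and rule["proto"] in ("all", proto):
            return rule["target"], number
    return policy, None

if __name__ == "__main__":
    for name, ruleset in (("appended", APPENDED), ("inserted", INSERTED)):
        print(name, verdict(ruleset, "192.168.1.10", "icmp"))
```

The rule number returned is the position that `iptables -L -n -v --line-numbers` would show, which is where the packet counters increment on a live system.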

