On Fri, 2003-11-28 at 08:54, Tom Eastep wrote:
>
> Ray has been telling you for some time now but it's not getting through;
> you cannot simply hack in an arbitrary set of iptables commands into a
> Shorewall-configured firewall and expect them to work. You have to
> understand what Shorewall's ruleset does and you have to understand how
> adding your additional rules might affect what that ruleset does.
>

In your particular case, you are inserting rules into the FORWARD chain BEFORE THE SHOREWALL-GENERATED TCPMSS RULE!!!! And since your accounting rules aren't passive (they ACCEPT the packets), the TCPMSS rule is never being traversed. So for those IP addresses that you are accounting for, the setting of CLAMPMSS is being effectively ignored.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
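
An added example, not part of the original message: a Python check that lists the rules in a chain that end traversal before the TCPMSS clamp rule is reached, which is the ordering problem described above. It assumes rules in `iptables -S` / `iptables-save` syntax; the sample ruleset, its addresses and the function names are constructed for illustration, and jumps into user-defined chains are not followed.

```python
import shlex

# Targets that end traversal of a built-in chain for the matching packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}

# Constructed sample: two accounting rules that ACCEPT, one passive accounting
# rule (no target, so it only counts), then the clamp rule.
SAMPLE = """\
-A FORWARD -s 192.0.2.10/32 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -j ACCEPT
-A FORWARD -s 192.0.2.11/32
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -j eth0_fwd
"""


def parse_rules(text, chain):
    """Return (rule_text, target) pairs for `chain`, in ruleset order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "-A" and tok[1] == chain:
            target = None  # a rule without -j is passive: counters only
            for flag in ("-j", "--jump"):
                if flag in tok[:-1]:
                    target = tok[tok.index(flag) + 1]
            rules.append((line.strip(), target))
    return rules


def rules_bypassing_clamp(text, chain="FORWARD"):
    """Terminating rules placed before the first TCPMSS rule in `chain`.

    Packets matching any of them never reach the clamp. Returns None when
    the chain has no TCPMSS rule at all.
    """
    rules = parse_rules(text, chain)
    targets = [t for _, t in rules]
    if "TCPMSS" not in targets:
        return None
    clamp_at = targets.index("TCPMSS")
    return [r for r, t in rules[:clamp_at] if t in TERMINATING]


if __name__ == "__main__":
    for rule in rules_bypassing_clamp(SAMPLE) or []:
        print("bypasses TCPMSS clamp:", rule)
```

The passive rule for 192.0.2.11 is not reported because it has no target and the packet continues on to the clamp rule.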
