Danny Yee was once rumoured to have said:
> When I try to turn firewalling on, I'm having long DNS delays, and reports
> like this in my logfile

Then something is wrong.

> Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17 129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 I=19120 F=0x4022 T=252 (#17)
> (with actual IP addresses #ed)

That's just a log entry for a packet that failed to match.. big loss.


> 
> But ipchains -L reports

[partial rules snipped]
> 
> Can someone tell me what I'm doing wrong?

If you gave us the full-ruleset, we might be able to tell you.

The key thing to remember with ipchains is that it uses first match,
unlike {Net,Open}BSD's ipf, which uses last match.

C.
-- 
--==============================================--
  Crossfire      | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
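
The first-match versus last-match point in the reply above, as an added example that is not part of the original email: a small evaluator that runs one ordered ruleset under both semantics. The ruleset and packet are constructed (the poster's rules were not shown), and the `quick` flag models ipf's early-exit keyword, which the email does not mention.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DENY"
    proto: Optional[int] = None   # IP protocol number (17 = UDP); None = any
    sport: Optional[int] = None   # source port; None = any
    quick: bool = False           # ipf-style "quick": evaluation stops here

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.sport in (None, pkt["sport"]))

def first_match(rules, pkt, policy):
    """ipchains-style: the first matching rule decides, else the chain policy."""
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            return rule.action, n
    return policy, None

def last_match(rules, pkt, policy):
    """ipf-style: the last matching rule decides, unless a 'quick' rule matches."""
    verdict = (policy, None)
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            verdict = (rule.action, n)
            if rule.quick:
                break
    return verdict

# Constructed ruleset: a broad deny listed before a specific allow.
RULES = [
    Rule("DENY", proto=17),              # rule 1: deny all UDP
    Rule("ACCEPT", proto=17, sport=53),  # rule 2: accept UDP from port 53
]
DNS_REPLY = {"proto": 17, "sport": 53}   # constructed packet

if __name__ == "__main__":
    # Same rules, same packet, opposite verdicts.
    print("first match:", first_match(RULES, DNS_REPLY, "DENY"))
    print("last match: ", last_match(RULES, DNS_REPLY, "DENY"))
    # Under first match the specific rule has to come first.
    print("reordered:  ", first_match(RULES[::-1], DNS_REPLY, "DENY"))
```

The rule number returned alongside the verdict plays the same role as the `(#17)` at the end of the kernel log line: it identifies which rule in the chain made the decision.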
