Hi,

for the record: I've been trying to get an Ubuntu TFTP server up &
running with an iptables script based on the output of the 'lokkit'
program (which writes simple firewall scripts). TFTP didn't work with
the firewall running even though all rules looked OK, until I replaced
lokkit's 20-character user-defined chain name with a shorter one.

I couldn't find anything about chain name limits in the current iptables
manuals, but I did remember something about an 8 char limit from a
distant past - I've seen iptables trip over > 8 char names before.

Oddly enough the SSH connection wasn't affected, and neither tftpd-hpa
nor iptables produced any useful error message. Pretty frustrating, cost
me half a day. Hope to save someone else this needless trouble.

By the way, loading the ip_conntrack_tftp module doesn't seem necessary,
even though tftpd-hpa does seem to switch to an unprivileged port.
Iptables is apparently smart enough to mark this one as "RELATED".

Bill

-- 
GNU - "GNU's Not Underdone"

_______________________________________________
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech
