iptables dropping legitimate packets?

Jan Morales jan at geezjan.org
Thu Feb 24 17:11:46 UTC 2005


lsmod shows, in part, the following:

ipt_LOG                 9921  1
ipt_state               5825  2
ip_conntrack           45317  1 ipt_state
iptable_filter          7489  1
ip_tables              20929  3 ipt_LOG,ipt_state,iptable_filter


David Cary Hart wrote:
> On Thu, 2005-02-24 at 11:30 -0500, Jan Morales wrote:
> 
> 
>># Firewall configuration written by redhat-config-securitylevel
>># Manual customization of this file is not recommended.
>>*filter
>>:INPUT ACCEPT [0:0]
>>:FORWARD ACCEPT [0:0]
>>:OUTPUT ACCEPT [0:0]
>>:RH-Firewall-1-INPUT - [0:0]
>>-A INPUT -j RH-Firewall-1-INPUT
>>-A FORWARD -j RH-Firewall-1-INPUT
>>-A RH-Firewall-1-INPUT -i lo -j ACCEPT
>>-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>>-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
>>-A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
>>-A RH-Firewall-1-INPUT -j DROP
>>COMMIT
>>
> 
> This effects a log and drop default policy. It will log and drop all
> packets that are not previously ACCEPTed. Does lsmod show that conntrack
> is loaded?
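An added example, not part of the thread, for triaging what a `-j LOG --log-prefix "iptables: "` rule like the one quoted above writes to the kernel log: it parses the netfilter LOG line format and separates dropped new TCP connections (which this policy is meant to block) from packets that should have matched `--state ESTABLISHED,RELATED`, the pattern you would expect if conntrack were not in effect. The log lines are constructed samples, and the ACCEPTed NEW set is taken from the quoted ruleset.

```python
from collections import Counter

# Constructed kernel log lines in the format the netfilter LOG target emits
# with --log-prefix "iptables: " (sample data, not output from the thread).
SAMPLE_LOG = """\
Feb 24 12:01:02 fw kernel: iptables: IN=eth0 OUT= SRC=192.168.0.10 DST=192.168.0.5 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 12:01:03 fw kernel: iptables: IN=eth0 OUT= SRC=192.168.0.10 DST=192.168.0.5 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 12:01:05 fw kernel: iptables: IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.5 LEN=76 TTL=64 ID=3 DF PROTO=UDP SPT=53 DPT=32770 LEN=56
Feb 24 12:01:09 fw kernel: iptables: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.0.5 LEN=40 TTL=48 ID=4 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Feb 24 12:01:10 fw kernel: unrelated message
"""

PREFIX = "iptables: "                 # matches the quoted --log-prefix
ALLOWED_NEW = {("TCP", "22")}         # the only NEW traffic the ruleset ACCEPTs

def parse_line(line):
    """Return the fields of one LOG line as a dict (bare flags such as
    SYN/ACK/DF map to True), or None if the line is not a firewall log."""
    if PREFIX not in line:
        return None
    fields = {}
    for token in line.split(PREFIX, 1)[1].split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value       # UDP lines carry LEN twice; last wins
        else:
            fields[token] = True
    return fields

def classify(fields):
    """Heuristic triage of a dropped packet against the quoted policy."""
    proto, dpt = fields.get("PROTO"), fields.get("DPT")
    if proto == "UDP":
        return "udp-unknown-direction"    # no flags: could be a reply or new
    is_syn = proto == "TCP" and fields.get("SYN") and not fields.get("ACK")
    if is_syn and (proto, dpt) not in ALLOWED_NEW:
        return "blocked-new-tcp"          # expected: policy denies NEW here
    # A SYN to an allowed port, or a non-SYN TCP segment, should have been
    # ACCEPTed by the NEW or ESTABLISHED,RELATED rules; suspect state tracking.
    return "check-state-tracking"

def summarize(log_text):
    """Count dropped packets by (verdict, PROTO, DPT)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields:
            counts[(classify(fields), fields.get("PROTO"), fields.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:4d}  {key[0]:<22} {key[1]}/{key[2]}")
```

Note that the quoted LOG rule carries `-d 192.168.0.5` while the DROP rule has no match at all, so drops of packets to any other destination never reach the log.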
