iptables dropping legitimate packets?
Ian P. Thomas
ipt at scraemon.org
Mon Feb 28 02:36:28 UTC 2005
On Mon, 2005-02-28 at 21:51 -0500, Robert Spangler wrote:
> On Thursday 24 February 2005 22:30, Ian P. Thomas wrote:
>
> > > >>-A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
> > > >>-A RH-Firewall-1-INPUT -j DROP
> > > >>COMMIT
> >
> > The packets are dropped because they have a destination IP of
> > 192.168.0.5 and are not being seen as being associated with an
> > ESTABLISHED connection. If your outbound services, POP and web
> > browsing, are operating in a sufficient manner, then I wouldn't worry
> > about the dropped packets.
>
> The packets are not being dropped because they have a destination address of
> 192.168.0.5. They are only being logged by the second to last rule. The
> last rule is dropping everything that reaches it. Doesn't matter what IP
> address it has or port it is going to.

I didn't say that the packets were being dropped because they had a
destination address of '192.168.0.5'. You quoted what I wrote, but your
comment didn't reflect what I wrote, which is quite odd.

At any rate, the following web site will tell you all you didn't want to
know about connection tracking.

http://kalamazoolinux.org/presentations/20010417/conntrack.html

Ian
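
The chain behaviour discussed in this thread, as an added example that is not part of the original message or of any poster's configuration: a small Python model of how a chain is walked, where LOG is non-terminating and the first matching ACCEPT or DROP decides the verdict. The ESTABLISHED,RELATED accept rule, the `Packet`/`Rule`/`traverse` names, the simplified log line format and the sample packets are assumptions made for the illustration; only the LOG and DROP rules come from the quoted ruleset.

```python
# Model of netfilter chain traversal (illustration only, not real iptables code).
# LOG is a non-terminating target: traversal continues with the next rule.
# ACCEPT and DROP are terminating: the first one that matches is the verdict.
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Packet:
    dst: str
    state: str  # conntrack state: NEW, ESTABLISHED, RELATED or INVALID


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str  # "ACCEPT", "DROP" or "LOG"
    log_prefix: str = ""


CHAIN = [
    # Assumed earlier rule: the thread only quotes the last two rules.
    Rule(lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"),
    # -A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
    Rule(lambda p: p.dst == "192.168.0.5", "LOG", "iptables: "),
    # -A RH-Firewall-1-INPUT -j DROP  (no match criteria: matches everything)
    Rule(lambda p: True, "DROP"),
]


def traverse(chain: List[Rule], pkt: Packet) -> Tuple[str, List[str]]:
    """Return (verdict, log lines written) for one packet."""
    logged: List[str] = []
    for rule in chain:
        if not rule.match(pkt):
            continue
        if rule.target == "LOG":
            # Simplified log line; real kernel LOG output has many more fields.
            logged.append(f"{rule.log_prefix}DST={pkt.dst}")
            continue  # keep walking the chain
        return rule.target, logged
    return "RETURN", logged  # fell off the end of a user-defined chain


if __name__ == "__main__":
    # Constructed sample packets.
    for pkt in (Packet("192.168.0.5", "ESTABLISHED"),
                Packet("192.168.0.5", "NEW"),
                Packet("192.168.0.255", "NEW")):
        print(pkt, traverse(CHAIN, pkt))
```

The third packet is dropped without a log entry, so the "iptables: " lines in syslog cover only the subset of dropped traffic addressed to 192.168.0.5.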