Re: iptables dropping legitimate packets?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2005-02-28 at 21:51 -0500, Robert Spangler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 24 February 2005 22:30, Ian P. Thomas wrote:
> 
> >  > >>-A RH-Firewall-1-INPUT -j LOG -d 192.168.0.5 --log-prefix "iptables: "
> >  > >>-A RH-Firewall-1-INPUT -j DROP
> >  > >>COMMIT
> >
> >  The packets are dropped because they have a destination IP of
> >  192.168.0.5 and are not being seen as being associated with an
> >  ESTABLISHED connection.  If your outbound services, POP and web
> >  browsing, are operating in a sufficient manner, then I wouldn't worry
> >  about the dropped packets.
> 
> The packets are not being dropped because they have a destination addresses of 
> 192.168.0.5.  They are only being logged by the second to last rule.  The 
> last rule is dropping everything that reaches it.  Doesn't matter what ip 
> address it has or port it is going to.

I didn't say that the packets were being dropped because they had a
destination address of '192.168.0.5'.  You quoted what I wrote, but your
comment didn't reflect what I wrote, which is quite odd.

At any rate, the following web site will tell you all you didn't want to
know about connection tracking.

http://kalamazoolinux.org/presentations/20010417/conntrack.html


Ian


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux