On Tuesday 29 October 2002 10:08 pm, Kellogg, Chris wrote:

> Hi, everyone.
>
> I am encountering a problem where packets are not being handled correctly
> after being passed through several custom chains.

> The DNSSRVDST Chain:
> $ipt --new DNSSRVDST 2>/dev/null

Why are you throwing away error messages here ?   What are you hiding :-) ?

> $ipt -A DNSSRVDST -p udp --dport 53 -j ACCEPT
> $ipt -A DNSSRVDST -p tcp --dport 53 -j ACCEPT
> *SNIP*...SSH connections for management -J ACCEPTs...*SNIP*
> $ipt -A DNSSRVDST -j LOG --log-level warn --log-prefix "Unmatched DNSSRVDST "
> $ipt -A DNSSRVDST -j DROP
>
> I'm at a loss why this would occur.  I'm open to ideas on what the cause
> might be, as well as better ways of building my firewall script.

Please can you (a) post your entire DNSSRVDST rules so we can see the whole
set, and (b) try iptables -L DNSSRVDST -n -v and check that the rules really
are what you think they should be (for example, is the chain empty before you
start adding the rules shown above ?)

Antony.

-- 
Perfection in design is achieved not when there is nothing left to add,
but rather when there is nothing left to take away.

 - Antoine de Saint-Exupery
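One way to automate the check in (b), as an added example that is not part of the original message: it reads a rule listing in the `iptables -S` format and reports rules that sit after an unconditional ACCEPT/DROP/REJECT/RETURN in the same chain, which is what a chain looks like when a setup script appends to it a second time without it being empty. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: what `iptables -S DNSSRVDST` could show after the setup
# script ran twice without the chain being emptied in between. This is not
# output from the original post.
sample_listing() {
    cat <<'EOF'
-N DNSSRVDST
-A DNSSRVDST -p udp -m udp --dport 53 -j ACCEPT
-A DNSSRVDST -p tcp -m tcp --dport 53 -j ACCEPT
-A DNSSRVDST -j LOG --log-prefix "Unmatched DNSSRVDST " --log-level 4
-A DNSSRVDST -j DROP
-A DNSSRVDST -p udp -m udp --dport 53 -j ACCEPT
-A DNSSRVDST -p tcp -m tcp --dport 53 -j ACCEPT
-A DNSSRVDST -j LOG --log-prefix "Unmatched DNSSRVDST " --log-level 4
-A DNSSRVDST -j DROP
EOF
}

# Read an `iptables -S` style listing on stdin and print every rule that
# follows an unconditional terminal rule in the same chain. Such rules can
# never be reached by a packet.
unreachable_rules() {
    awk '
        $1 != "-A" { next }                 # skip -N / -P lines
        dead[$2]   { print; next }          # chain already ended: report rule
        # "-A CHAIN -j TARGET" with no match options ends the chain.
        $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT|RETURN)$/ { dead[$2] = 1 }
    '
}

# Return 0 if the listing on stdin is clean, 1 (with a report on stderr)
# if it contains unreachable rules.
check_chain() {
    out=$(unreachable_rules)
    [ -z "$out" ] && return 0
    printf 'unreachable rules (appended after a terminal rule):\n%s\n' "$out" >&2
    return 1
}

# On a live system (as root):  iptables -S DNSSRVDST | check_chain
```

LOG is not treated as terminal because packets continue to the next rule after it, so only the rules behind the first bare DROP are reported.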