> (Forgot this info in last post!)
>
> I'm running the 2.4.19 kernel on a debian box with the
> bridging/firewall patch from bridging.sourceforge.net (version 0.0.7)
> and the latest version of iptables.
>
> A sample output from iptables -L -vx would be:
>
> Chain INPUT (policy ACCEPT 20403 packets, 27177359 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain OUTPUT (policy ACCEPT 12188 packets, 786022 bytes)
> pkts bytes target prot opt in out source
> destination
>
> The few other people (who also don't get the FORWARD chain to properly
> show the counters) are still able to activate and implement rules,
> although as you can see, my policy should drop everything, and yet I'm
> still able to use the bridge.
>
> eol,
>
> Reed

Guess suggestions:

1) the chain header only shows counts of packets that run off the end of the chain - if for some reason there are rules in your tables that you are not showing then that could account for it

2) you don't have forwarding enabled

3) something else in the kernel is getting the packets before iptables (e.g. the bridging/firewall patch) and iptables doesn't get passed the packets afterwards

OK - just guesses, but just a few suggestions anyway since no one has said anything yet :-)

--
-Cheers
-Andrew

MS ... if only he hadn't been hang gliding!
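An added example, not part of either message: a small Python check that separates the first guess from the other two by reading `iptables -L -vx` output and reporting chains where neither the policy counter nor any rule counter has moved. The function names and both sample listings are constructed for illustration; the first sample is modelled on the output quoted above.

```python
import re

# Constructed sample, modelled on the `iptables -L -vx` output quoted above.
SAMPLE = """\
Chain INPUT (policy ACCEPT 20403 packets, 27177359 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 12188 packets, 786022 bytes)
    pkts      bytes target     prot opt in     out     source               destination
"""

# Constructed variant: FORWARD has one rule that matched traffic.
SAMPLE_WITH_RULE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     3528 ACCEPT     all  --  eth0   eth1    anywhere             anywhere
"""

HEADER = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\d+) bytes\)")
RULE = re.compile(r"^\s*(\d+)\s+(\d+)\s+\S")  # pkts, bytes, then the rest of a rule


def parse_chains(text):
    """Map each built-in chain to its policy, policy counter and rule counters."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            m = HEADER.match(line)
            # User-defined chains have no policy; skip their rules.
            current = None
            if m:
                current = {"policy": m.group(2), "policy_pkts": int(m.group(3)),
                           "rule_pkts": []}
                chains[m.group(1)] = current
        elif current is not None and (m := RULE.match(line)):
            current["rule_pkts"].append(int(m.group(1)))
    return chains


def unseen_chains(text):
    """Chains with no evidence of traffic: policy counter 0 and no rule hit."""
    return [name for name, c in parse_chains(text).items()
            if c["policy_pkts"] == 0 and not any(c["rule_pkts"])]


if __name__ == "__main__":
    print(unseen_chains(SAMPLE))            # FORWARD: nothing reached the chain
    print(unseen_chains(SAMPLE_WITH_RULE))  # traffic was seen, by a rule
```

A chain reported here while traffic is demonstrably crossing the bridge means the packets never reached that chain, so a DROP policy on it is not being enforced on that traffic.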