On Sat, Mar 08, 2003 at 07:50:03PM +0000, James O'Gorman wrote:
> The odd thing is, if I enter all the rules that are in the script
> manually (from an xterm) in the same order, everything works fine!

Correction: it now doesn't work doing either! (Manually or with the script)

> Here's the script I use:
[snip]
> # Log any external (Internet) traffic that isn't on ports 22,25,993
> # --THIS DOESN'T WORK!--
>
> $IPTABLES -A INPUT -s ! 192.168.0.0/24 -m multiport --dport ! 22,25,993
> -i eth0 -j LOG --log-prefix "INPUT (dropped): "

I've now changed this to:

$IPTABLES -A INPUT -p tcp -s ! 192.168.0.0/24 -m multiport ! --dport 22,25,993 -i eth0 -j LOG --log-prefix "INPUT (dropped): "

which now loads as a valid rule.

I'm still not sure why this isn't working though.. on the machine itself, all network activity grinds to a halt. gethostbyname fails, so I can't use sudo, IMAP or anything, and I get mails from root with security alerts that gethostbyname doesn't work. I also can't telnet to port 25 of the box from another (external) machine, which I should be able to do, and I can't make any of this work without flushing all the chains and rmmoding the modules.

Anyone got any ideas at all?

Cheers,
James

-- 
James O'Gorman
email: james@netinertia.co.uk | web: www.netinertia.co.uk
Good night, Austin, Texas, wherever you are!