Hello :)

We have a script which is doing the following... but the NTP client fails:

    /bin/iptables -A SystemOut -p udp --sport 1024:65535 --dport 123 -j ACCEPT
    /bin/msntp -r -x $TIME_UPDATE -f /var/run/msntp.save -F $PIDFILE $TIMESERVER

If we change the script like this, it works pretty well:

    /bin/iptables -A SystemOut -p udp --sport 1024:65535 --dport 123 -j ACCEPT
    /bin/sleep 1
    /bin/msntp -r -x $TIME_UPDATE -f /var/run/msntp.save -F $PIDFILE $TIMESERVER

As you can see, the LOG is matched, but the same "accept" rule (recently added) has not matched (counter 0).

Any ideas?

Best regards,
Robert & Markus

----- log ------
user.info msntp: [3215]: msntp started
daemon.warn klogd: IN= OUT=eth1 SRC=10.20.10.177 DST=195.13.1.153 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1028 DPT=123 LEN=56
daemon.warn klogd: seen IN= OUT=eth1 SRC=10.20.10.177 DST=195.13.1.153 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1028 DPT=123 LEN=56
user.err msntp: [3215]: unable to send NTP packet
user.err msntp: [3215]: Operation not permitted
user.notice init.d: ntp: started
------- end log -------

+bash-2.05# iptables -vnL SystemOut
Chain SystemOut (1 references)
 pkts bytes target     prot opt in     out     source               destination
    9   684 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:123 LOG flags 0 level 4 prefix `seen '
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spts:1024:65535 dpt:123

------------------
Epygi Labs DE         | Herrenstraße 23
Robert Allmeroth      | 76133 Karlsruhe
Tel: +49 721 20596 43 | Fax: +49 721 20596 59