On Thu, 30 Oct 2003, Knight, Steve wrote:

> Thanks to both the Robs [and the other contributors I hope I've thanked
> already!] :D
>
> At the moment, it's a single host - but it will eventually be acting as the
> single gateway for a 192.168.x.x LAN + DMZ, and I will be implementing a
> fairly strict ruleset on the FORWARD chain [there are some monkeys who'd be
> Kazaaing and IRCing in a moment if I didn't] - which is why I'm trying all
> sorts of mojo on the INPUT/OUTPUT chains right now so I can get comfortable
> with the syntax.
>
> I've relented for the moment [for testing purposes] to OUTPUT ACCEPT policy
> and of course it's working as expected, but I'm intrigued as to why the
> rules didn't work.

so add a logging rule like:

  iptables -A INPUT -p tcp --dport 53 -j LOG

or something to that effect to see what happens to that traffic when it
comes in, then tail the file /var/log/messages. at least you'll see the
traffic.

rday
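As an added example (not part of the thread above, and not Steve's or rday's ruleset), the script below shows the diagnostic rday suggests in a slightly fuller form: LOG rules with a `--log-prefix` and a rate limit, placed ahead of the rule that makes the accept/drop decision, plus an awk summariser for the kernel log lines those rules produce. The prefixes `OUT-DNS:`/`IN-DNS:`, the function names, and the sample log lines are all constructed for the example; it prints the rules instead of applying them so it runs without root or a firewall. It also covers UDP as well as TCP on port 53, since most DNS traffic is UDP and a tcp-only LOG rule like the one in the thread would not show it.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes iptables with the
# LOG target (kernel log lines via syslog into /var/log/messages, as in
# the thread) and a POSIX awk. Rules are printed, not applied; to apply
# them on a real box you would run the output as root.

# The LOG rules go BEFORE the terminating rule. LOG is non-terminating:
# the packet is logged and then continues to the next rule (or the chain
# policy), so the ACCEPT/DROP decision is still taken afterwards.
# "-m limit" keeps a burst of traffic from flooding the log.
log_rules() {
    cat <<'EOF'
iptables -A OUTPUT -p udp --dport 53 -m limit --limit 5/min -j LOG --log-prefix "OUT-DNS: "
iptables -A OUTPUT -p tcp --dport 53 -m limit --limit 5/min -j LOG --log-prefix "OUT-DNS: "
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -m limit --limit 5/min -j LOG --log-prefix "IN-DNS: "
EOF
}

# Constructed sample of /var/log/messages: three OUTPUT hits, one unrelated
# sshd line, one INPUT hit. Field layout matches what the LOG target writes.
sample_log() {
    cat <<'EOF'
Oct 30 12:00:01 gw kernel: OUT-DNS: IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=UDP SPT=34567 DPT=53 LEN=40
Oct 30 12:00:02 gw kernel: OUT-DNS: IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=UDP SPT=34568 DPT=53 LEN=40
Oct 30 12:00:03 gw kernel: OUT-DNS: IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12347 DF PROTO=TCP SPT=45000 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 30 12:00:04 gw sshd[123]: Accepted publickey for steve from 192.168.1.5 port 4000
Oct 30 12:00:05 gw kernel: IN-DNS: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.5 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=1025 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Reads log lines on stdin and prints one summary line per
# "<prefix> <proto> <src> -> <dst>:<dport>" with a hit count, sorted.
# Lines without a prefix are reported under "-".
summarise_log() {
    awk '
    / kernel: / && / IN=/ && / OUT=/ && / SRC=/ {
        p = $0
        sub(/.*kernel: /, "", p)   # drop timestamp/host/"kernel: "
        sub(/ IN=.*/, "", p)       # keep only the --log-prefix text
        if (p ~ /^IN=/) p = "-"    # no prefix on this rule
        src = dst = dpt = proto = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        n[p " " proto " " src " -> " dst ":" dpt]++
    }
    END { for (k in n) print k, n[k] }
    ' | LC_ALL=C sort
}

# Stand-alone demo: show the rules, then summarise the constructed log.
log_rules
sample_log | summarise_log
```

On a live box the equivalent of the last line is `tail -f /var/log/messages | grep DNS` (or whatever prefix you chose). One thing to check when a LOG rule shows nothing: `-A` appends, so if an earlier rule in the chain already matched and dropped the packet, the LOG rule is never reached; `iptables -L -v --line-numbers` shows the order and the per-rule packet counters, which by themselves tell you whether a rule is being hit.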