Redhat 9
2.4.20-24.9.i686
iptables-1.2.7a-2

I have one setup where I log based upon clients' SAs. Each client has their own prefix they log to. The rules were very anal in that SA/DA port for each flow was defined. I tried to add another pair of SA/DA port rules and they refused to work. I tried downgrading to 2.4.20-20.9, no joy.

In desperation I redid the rules to limit the amount of individual rules to SA subnet/DA port, applied the ruleset again, summarized, that would not work, and it is now working. So now instead of having 40 lines of rules, 20 logging and 20 accept, I now have 16, 8 logging and 8 accept, and it is behaving.

How could I identify what was the root of the problem? I would like to recreate the problem and gather more data, but any insight into what I should be looking for would be appreciated. Is there some allocation somewhere in the kernel that is possibly too small? Or did I hit some obscure bug?

Thanks and Happy Holidays,
Ted