Yes, I have edited "iptables" manually and copied all rule sets to it and then restarted with "/etc/init.d/iptables restart".

Is it not allowed?

Thanks for support

--- Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx> wrote:
> On Tue 23/12/2003 at 14:19, Chris Brenton wrote:
> > > -A INPUT -p tcp ! --syn -m state --state NEW -j LOG
> > > --log-prefix "New not syn:"
> > iptables -A INPUT -p tcp ! --tcp-flags SYN SYN -m state --state NEW -j
> > LOG --log-prefix " New not syn: "
>
> "--syn" is equivalent to "--tcp-flags SYN,RST,ACK SYN"
>
> I can confirm that iptables-save generates a --tcp-flag line:
>
> cbr@elendil:~$ sudo iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG
> cbr@elendil:~$ sudo iptables-save
> # Generated by iptables-save v1.2.8 on Tue Dec 23 14:44:17 2003
> [...]
> *filter
> :INPUT DROP [529:81210]
> [...]
> -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j LOG
>
> So, for the OP (ads nat): you seem to have modified your ruleset by
> hand and used an alias (--syn) that iptables-<save/restore> does not
> understand.
>
> --
> http://www.netexit.com/~sid/
> PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!
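The two flag matches quoted in this thread are not the same test. The sketch below is an added example, not part of any message above: it models the `--tcp-flags mask comp` comparison in Python and lists the constructed sample packets on which `! --syn` (in the `SYN,RST,ACK SYN` form that iptables-save printed) and `! --tcp-flags SYN SYN` disagree. The function names are hypothetical and the `-m state --state NEW` part of the rule is not modelled.

```python
# TCP header flag bits.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def bits(names):
    """Turn a list such as 'SYN,RST,ACK' into a bitmask ('NONE' gives 0)."""
    value = 0
    for name in names.split(","):
        name = name.strip().upper()
        if name in ("", "NONE"):
            continue
        value |= 0x3F if name == "ALL" else FLAGS[name]
    return value


def tcp_flags_match(pkt, mask, comp, invert=False):
    """Model of '[!] --tcp-flags mask comp': only the bits in mask are
    examined, and the match succeeds when exactly the comp bits are set."""
    hit = (bits(pkt) & bits(mask)) == bits(comp)
    return hit != invert


def not_syn(pkt):
    """'! --syn', written out as '! --tcp-flags SYN,RST,ACK SYN'."""
    return tcp_flags_match(pkt, "SYN,RST,ACK", "SYN", invert=True)


def not_syn_bit(pkt):
    """'! --tcp-flags SYN SYN': only the SYN bit itself is examined."""
    return tcp_flags_match(pkt, "SYN", "SYN", invert=True)


# Constructed sample flag combinations, not captured traffic.
SAMPLES = ["SYN", "SYN,ACK", "ACK", "RST", "FIN,ACK", "SYN,RST", "NONE"]


def differing(samples=SAMPLES):
    """Flag combinations on which the two rules give different verdicts."""
    return [p for p in samples if not_syn(p) != not_syn_bit(p)]


if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:8} ! --syn: {not_syn(p)!s:5}  "
              f"! --tcp-flags SYN SYN: {not_syn_bit(p)}")
    print("rules disagree on:", differing())
```

A SYN/ACK or SYN/RST segment satisfies `! --syn` but not `! --tcp-flags SYN SYN`, so a "New not syn" log rule written the second way would not log those segments.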