On Thursday 22 April 2004 8:23 pm, Antony Stone wrote:

> On Thursday 22 April 2004 7:58 pm, Garison Piatt wrote:
>
> > Below is a pared-down combination of several example scripts which did
> > something reasonably close to what I want. When I run this, however, I
> > lose FTP, and who-knows-what-else.
>
> Your posted ruleset *is* very long, yes, and by your own admission you're
> not quite sure what you're doing, so I recommend that you start simple and
> build up, ensuring there are no problems at each stage, so that when a
> problem does crop up, you know it must be the small part you just changed,
> rather than "somewhere in this great long script I've got".

Sorry for replying to my own posting, but I've just looked at your script in
a bit more detail, and I immediately notice how many user-defined chains you
have.

I think this is unnecessarily complicating things for you (and us, trying to
read the script), so I suggest you remove (comment-out) as many as possible
(the ones which block 'bad' packets for example - you can do without those
whilst you're getting the firewall working, and then add them in again later
to add some bells & whistles to a system which is by then doing the basic job
okay).

I'm sticking to my previously-stated philosophy of "start simple and build up
gradually, checking for problems at each stage", since it makes the debugging
process of working out where the problem crept in much easier.

Regards,

Antony.

--
The truth is rarely pure, and never simple.
- Oscar Wilde

Please reply to the list; please don't CC me.
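One way to turn the "start simple and build up, checking at each stage" advice into a script, as an added example that is not from this thread or its author: each stage is a function, STAGE selects how much is loaded, user-defined chains are deleted at the start, and a LOG rule in front of the DROP policy shows exactly which packets a stage is losing. The interface names, the SSH-from-LAN service and the stage split are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables ruleset in numbered stages so that a
# breakage can be pinned on the stage that was just enabled.
# DRY_RUN=1 (the default) only prints the commands; set DRY_RUN=0 to run
# them for real (needs root and a Linux netfilter kernel).
STAGE="${STAGE:-1}"
DRY_RUN="${DRY_RUN:-1}"
LAN_IF="${LAN_IF:-eth1}"   # assumed interface names, adjust to your box
WAN_IF="${WAN_IF:-eth0}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Stage 1: flush everything, drop all user-defined chains, set policies,
# allow loopback and stateful return traffic. Nothing else.
stage1() {
    ipt -F
    ipt -X                      # delete all user-defined chains
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Stage 2: the services this box must offer, e.g. SSH from the LAN side.
stage2() {
    ipt -A INPUT -i "$LAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# Always last: log (rate-limited) what is about to hit the DROP policy, so
# "I lost FTP" becomes a kernel log line naming interface, ports and flags.
logdrops() {
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
}

build_rules() {
    stage1
    if [ "$STAGE" -ge 2 ]; then stage2; fi
    logdrops
}

rule_count() { build_rules | wc -l | tr -d ' '; }

build_rules
```

Run with `STAGE=1` first; only once the basics work under that, raise STAGE and re-run, and when something breaks, `dmesg` (or the syslog) shows the FW-*-DROP lines for the traffic the new stage lost.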