iptables 1.2.10 and linux kernel 2.6.7 problems.


 



Hi.
I have used iptables 1.2.9 with kernel 2.4.x since a week ago.
Now I'm using the new 2.6.7 kernel and iptables 1.2.10. 

The problem is that my firewall script does not work anymore.
The setup is as follows:
 - Everything in the kernel that has to do with the netfilter options is
   set to compile as modules, so I have done this at the beginning of the script:

modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe ipt_MASQUERADE
modprobe ipt_conntrack
modprobe ipt_multiport
modprobe ipt_state
modprobe ipt_REDIRECT
modprobe ipt_REJECT
modprobe ipt_SAME
modprobe ipt_LOG
modprobe ip_conntrack
modprobe ip_conntrack_ftp ports=ab,cde,fgh
modprobe ip_conntrack_irc
modprobe iptable_nat
modprobe ip_nat_ftp ports= ab,cde,fgh
modprobe ip_nat_irc

I have two major problems:

1. modprobe ip_conntrack_ftp ports=ab,cde,fgh
   modprobe ip_nat_ftp ports= ab,cde,fgh
   Does not seem to work. I can't ftp to the defined ports. There is no
   answer whatsoever.

2. $IPTABLES -v -A INPUT -i eth0 -p icmp -j DROP
   Does not work. I can still ping my computer; the packets are not dropped.

What you have to understand is that my firewall script worked fine before 
the kernel change and iptables change. 
So does anybody know anything about what has changed and can explain how
I could redesign my script? There are of course more iptables configs in
the script, but everything is quite basic, a lot of port forwarding and
such stuff.

Thanks.

/Per   



