On Sun, 2004-07-18 at 18:10, Mail Lists wrote:
> Right - thanks for any insights - more details below.
>
> On Sun, Jul 18, 2004 at 10:02:20PM +0100, Antony Stone wrote:
> > On Sunday 18 July 2004 9:50 pm, Mail Lists wrote:
> >
> > > cRES_LDROP all -- 172.16.0.0/12 0.0.0.0/0
> > > which I would expect to block 172.16 to 172.31.
> > > ... blocked on 172.139.140.122
> > > ...
> > Please post your ruleset so we can see everything relating to cRES_LDROP.
> >
>
> Hi:
>
> More details - firewall generated by a script - this is
> what the script actually runs ... I've removed some (hopefully)
> not relevant bits and here's the remainder of the script output.
>
> If it's easier I'm happy to post the script itself.
>
> #Starting iptables firewall ...
> # Initializing Iptables Firewall ...
> # ** Entering Test mode - nothing is actually run now
>
> iptables -F
> iptables -F -t nat
> iptables -F -t mangle
> iptables -X # Remove any existing user-defined chains.
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
>
> # User defined Chains ...
> # [ ... delete non-relevant stuff ]
>
> iptables --new cRES_LDROP
> iptables -F cRES_LDROP
> iptables -A cRES_LDROP -j LOG --log-level info --log-prefix "[FW Drop-Res]"
> iptables -A cRES_LDROP -j DROP
<snip>

You are appending a logging rule and then appending a drop rule, so the order of processing would be log and then drop - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
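The thread turns on two checks that are worth doing mechanically rather than by eye: what address range `172.16.0.0/12` actually covers, and whether the source addresses that show up under the `[FW Drop-Res]` log prefix fall inside that range (if they do not, the packet reached cRES_LDROP through some other jump, not through the `-s 172.16.0.0/12` rule quoted above). The script below is an added example written for this page, not code from the thread or from the poster's firewall script. The kernel log lines in `SAMPLE_LOG` are constructed for illustration in the format the iptables LOG target emits (the prefix is printed immediately before `IN=`, with no separating space unless the prefix itself ends in one); the function names `prefix_range`, `in_rule`, `parse_log_line` and `unexplained_drops` are this example's own.

```python
import ipaddress
import re

# Source prefix from the cRES_LDROP rule quoted in the thread.
RULE_SRC = ipaddress.ip_network("172.16.0.0/12")
# Prefix given to the LOG target in the quoted script.
LOG_PREFIX = "[FW Drop-Res]"

# Constructed sample log lines (not the poster's real logs). They mimic the
# kernel ring-buffer output of the iptables LOG target: the prefix is followed
# directly by IN=..., then space-separated KEY=VALUE fields and bare flags.
SAMPLE_LOG = """\
Jul 18 22:05:11 fw kernel: [FW Drop-Res]IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=172.20.1.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 18 22:05:12 fw kernel: [FW Drop-Res]IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=172.139.140.122 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 18 22:05:13 fw kernel: [FW Drop-Other]IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=53 DPT=53
"""


def prefix_range(net):
    """First and last address covered by a CIDR prefix, as strings."""
    return (str(net.network_address), str(net.broadcast_address))


def in_rule(addr, rule_src=RULE_SRC):
    """True if `addr` would match the rule's source prefix."""
    return ipaddress.ip_address(addr) in rule_src


def parse_log_line(line):
    """Split one iptables LOG line into its prefix and KEY=VALUE fields.

    Returns None for lines that do not look like LOG output. Bare flags
    such as DF or SYN carry no '=' and are deliberately skipped.
    """
    m = re.search(r"kernel:\s*(?P<prefix>.*?)(?P<fields>IN=.*)$", line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group("fields")))
    return {"prefix": m.group("prefix").strip(), **fields}


def unexplained_drops(log_text, prefix=LOG_PREFIX, rule_src=RULE_SRC):
    """Source addresses logged under `prefix` that lie outside `rule_src`.

    Each such address was dropped by the chain, but could not have got there
    via the '-s 172.16.0.0/12' jump, so another rule must send it to the chain.
    """
    outside = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if not entry or entry["prefix"] != prefix or "SRC" not in entry:
            continue
        src = ipaddress.ip_address(entry["SRC"])
        if src not in rule_src:
            outside.append(str(src))
    return outside


if __name__ == "__main__":
    print("rule covers", *prefix_range(RULE_SRC))
    print("172.139.140.122 in rule:", in_rule("172.139.140.122"))
    print("drops not explained by the rule:", unexplained_drops(SAMPLE_LOG))
```

Running it shows the prefix spans 172.16.0.0 to 172.31.255.255, that 172.139.140.122 is outside it (the second octet 139 has high nibble 1000, not 0001), and that the only `[FW Drop-Res]` entry outside the range is the 172.139.140.122 one, which is the kind of entry to trace back through the rest of the ruleset with `iptables -L -v -n --line-numbers`.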