why does this packet not match these rules?

Hi,

I have these rules in my iptables script (iptables -L -v -n):

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
16955 5070K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
35895  278M out_lan    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  16M 3830M out_internet  all  --  *      ppp0    x.x.x.x       0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0           0.0.0.0/0     state RELATED
26649 1534K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0 0 level 4 prefix `OUT-unknown:'
28209 1621K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

(where x.x.x.x is my ip), and yet these packets are being logged:

... OUT-unknown:IN= OUT=ppp0 SRC=x.x.x.x DST=y.y.y.y LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45650 DF PROTO=TCP SPT=43257 DPT=4662 WINDOW=4383 RES=0x00 SYN URGP=0

surely this should match rule 3 (src=x.x.x.x, out=ppp0) and be handled by 
out_internet?

thanks,
James

