hi all
what if I do (and I'm doing this for the last two hours ;))
iptables -A FORWARD -p tcp --dport 31000:65500 -j DROP
iptables -A FORWARD -p udp --dport 31000:65500 -j DROP
[snip]
iptables -L -nvx gives too many counts whenever I checked, especially the numbers are very high for UDP "udp --dport 31000:65500 -j DROP"
Depending on your other rules this might not be good idea. Here's an example why. If client connects to say your web server, it may look something like this:
client sport 54321 to server dport 80 for incoming packets
server sport 80 to client dport 54321 for outgoing packets
As you can guess by now, your rules are blocking outgoing packets of a perfectly legal connection.
BTW, you should really consider setting the default policy to DROP, and allow only what you need.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
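The packet flow Aleksandar describes, traced through two FORWARD chains as an added example (this is not code from the thread and it is not iptables; it is a toy first-match evaluator with a minimal connection-tracking table). The first chain is the original poster's two DROP rules with the policy left at ACCEPT; the second is one assumed way of following the "default policy DROP, allow only what you need" advice, using the `-m state --state` match so that reply packets are accepted by connection state rather than by destination port. The client/server names and port 54321 are taken from the reply; the stateful rule set is my assumption, not something the thread proposes verbatim.

```python
"""Toy model of how two FORWARD chains treat one web connection.

Constructed example: mimics first-match rule evaluation plus a NEW/ESTABLISHED
state match just well enough to show why '--dport 31000:65500 -j DROP' in
FORWARD drops the return half of a legitimate connection, and why a
default-DROP policy with a state rule does not.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    proto: Optional[str] = None                  # None matches any protocol
    dport: Optional[Tuple[int, int]] = None      # inclusive port range
    state: Optional[FrozenSet[str]] = None       # subset of {"NEW", "ESTABLISHED", "RELATED"}
    target: str = "DROP"

    def matches(self, pkt: Packet, state: str) -> bool:
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dport and not (self.dport[0] <= pkt.dport <= self.dport[1]):
            return False
        if self.state and state not in self.state:
            return False
        return True


@dataclass
class ForwardChain:
    rules: List[Rule]
    policy: str = "ACCEPT"
    # Connection-tracking table: one 5-tuple per connection that was accepted.
    conntrack: Set[tuple] = field(default_factory=set)

    def _state(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Conntrack is bidirectional: a reply to a tracked flow is ESTABLISHED.
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    def verdict(self, pkt: Packet) -> str:
        state = self._state(pkt)
        result = self.policy          # policy applies when no rule matches
        for rule in self.rules:
            if rule.matches(pkt, state):
                result = rule.target  # first matching terminating target wins
                break
        # Like netfilter, a dropped first packet never confirms a conntrack entry.
        if result == "ACCEPT" and state == "NEW":
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return result


def original_poster_chain() -> ForwardChain:
    # iptables -A FORWARD -p tcp --dport 31000:65500 -j DROP
    # iptables -A FORWARD -p udp --dport 31000:65500 -j DROP
    # (FORWARD policy left at its default, ACCEPT)
    return ForwardChain(
        rules=[Rule("tcp", (31000, 65500)), Rule("udp", (31000, 65500))],
        policy="ACCEPT",
    )


def stateful_chain() -> ForwardChain:
    # Assumed rule set (not from the thread):
    # iptables -P FORWARD DROP
    # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A FORWARD -p tcp --dport 80 -m state --state NEW -j ACCEPT
    return ForwardChain(
        rules=[
            Rule(state=frozenset({"ESTABLISHED", "RELATED"}), target="ACCEPT"),
            Rule("tcp", (80, 80), frozenset({"NEW"}), "ACCEPT"),
        ],
        policy="DROP",
    )


def trace_web_connection(chain: ForwardChain) -> dict:
    """Forward the two packets from the reply's example through the chain."""
    request = Packet("tcp", "client", 54321, "server", 80)   # incoming
    reply = Packet("tcp", "server", 80, "client", 54321)     # outgoing
    return {"request": chain.verdict(request), "reply": chain.verdict(reply)}


if __name__ == "__main__":
    print("original poster:", trace_web_connection(original_poster_chain()))
    print("stateful:       ", trace_web_connection(stateful_chain()))
```

With the original poster's chain the request is accepted (dport 80 matches nothing, policy ACCEPT) but the reply lands on the tcp 31000:65500 DROP rule, which is exactly the high counter seen in `iptables -L -nvx`. With the stateful chain the request is accepted as NEW on port 80, the reply is accepted as ESTABLISHED, and an unsolicited packet to a high port is dropped by the policy without needing a port-range rule at all.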