On September 28, 2004 11:37 am, Florian Boelstler wrote:
> I forgot to paste a very important statement:
>
> Florian Boelstler wrote:
> > # DROP & LOG chain
> >
> > $IPTABLES -N DROPnLOG
> > $IPTABLES -A DROPnLOG -p ICMP -j ULOG --ulog-nlgroup 1 --ulog-prefix "DROP-ICMP "
> > $IPTABLES -A DROPnLOG -p TCP -j ULOG --ulog-nlgroup 1 --ulog-prefix "DROP-TCP "
> > $IPTABLES -A DROPnLOG -p UDP -j ULOG --ulog-nlgroup 1 --ulog-prefix "DROP-UDP "
> > $IPTABLES -A DROPnLOG -j DROP
> > [ ... ]

Indeed an important component -- the point being that user created tables cannot have a POLICY set and when a packet reaches the end of a user created table, unless otherwise set, the packet RETURNS to the calling table and continues to traverse it again at that point.

(just clarifying for the record)

Alistair.Tonner
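
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of chain traversal (not iptables code) run against the quoted DROPnLOG chain with and without its final `-j DROP`. The calling `INPUT` chain with a single unconditional jump, and its `ACCEPT` policy, are assumptions made for the illustration.

```python
# Simplified model of netfilter chain traversal (illustrative, not iptables code).
TERMINAL = {"ACCEPT", "DROP"}     # verdicts that end traversal
NON_TERMINAL = {"ULOG", "LOG"}    # record the packet, then go on to the next rule

def traverse(chains, policies, start, proto):
    """Return (verdict, log_prefixes) for a packet entering built-in chain `start`."""
    logged = []
    stack = [(start, 0)]                      # (chain name, index of next rule)
    while stack:
        chain, i = stack.pop()
        rules = chains[chain]
        if i >= len(rules):
            if chain in policies:             # end of a built-in chain: policy decides
                return policies[chain], logged
            continue                          # end of a user chain: implicit RETURN
        match, target, prefix = rules[i]
        stack.append((chain, i + 1))          # resume point after this rule
        if match not in (None, proto):
            continue                          # rule does not match this packet
        if target in TERMINAL:
            return target, logged
        if target in NON_TERMINAL:
            logged.append(prefix)
        elif target == "RETURN":
            stack.pop()                       # skip the rest of the current chain
            if chain in policies:
                return policies[chain], logged
        else:
            stack.append((target, 0))         # jump into a user-defined chain
    raise RuntimeError("no verdict: start chain must be built-in with a policy")

def dropnlog(with_final_drop):
    """The quoted DROPnLOG rules as (protocol match, target, ulog prefix)."""
    rules = [("icmp", "ULOG", "DROP-ICMP "),
             ("tcp", "ULOG", "DROP-TCP "),
             ("udp", "ULOG", "DROP-UDP ")]
    if with_final_drop:
        rules.append((None, "DROP", None))    # the statement that was forgotten
    return rules

def verdict(with_final_drop, proto="tcp", policy="ACCEPT"):
    # Assumed caller: INPUT jumps unconditionally to DROPnLOG (constructed sample).
    chains = {"INPUT": [(None, "DROPnLOG", None)],
              "DROPnLOG": dropnlog(with_final_drop)}
    return traverse(chains, {"INPUT": policy}, "INPUT", proto)

if __name__ == "__main__":
    print("with final DROP:   ", verdict(True))
    print("without final DROP:", verdict(False))
```

Without the final rule the packet is logged with a "DROP-" prefix and then handed back to the caller, so the verdict comes from whatever follows the jump, here the assumed `ACCEPT` policy.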