iptables v1.2.8 OS: SuSE 9.1 After reading several references here on rate limiting logging I tried the following short chain which was intended to log a packet subject to the rate limit and then drop it unconditionally: -A LogDrop -m limit --limit 2/s -j LOG --log-prefix "ICMP:Drop " -A LogDrop -physdev --physdev-in eth0 -j DROP -A LogDrop -physdev --physdev-in eth1 -j DROP However, the first statement not only logged the packets subject to the rate limit but also acted as an implicit ACCEPT. My understanding was that the logging should take place but then the packets should be dropped unconditionally by one of the following DROPs. When the LOG statement was commented out, the packets were dropped as desired. I have reread my documentation and still do not see where my mistake is. Could someone please enlighten my understanding> Thank you, Lucky Leavell
