On Tue, 2004-11-23 at 04:31, Jason Opperisano wrote:
> On Tue, 2004-11-23 at 04:18, Björn Schmidt wrote:
> > Does not work. I only changed "-J LOG -log-prefix" to "-j ULOG -ulog-prefix"
>
> then either i'm an idiot or there's something horribly wrong with your
> kernel. both are about equally likely at this point.

just for my own edification--i installed that rule base on my wireless laptop, which runs a VPN tunnel for all its traffic (but normally does not use connection tracking), and it does work--so i don't think this is a "bug" per se.

this is on Fedora Core 2, kernel 2.6.9-1.3, iptables version 1.2.9

(sorry about the line mangling)

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts  bytes target  prot opt in    out   source          destination
  878 656329 ACCEPT  all  --  *     *     0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
  883 718600 ACCEPT  all  --  *     *     0.0.0.0/0       0.0.0.0/0       MARK match 0x1 state NEW
    0      0 ACCEPT  udp  --  eth1  *     192.168.1.125   0.0.0.0/0       udp spt:500 dpt:500
    0      0 ACCEPT  esp  --  eth1  *     192.168.1.125   0.0.0.0/0
    0      0 ACCEPT  all  --  lo    *     0.0.0.0/0       0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts  bytes target  prot opt in    out   source          destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts  bytes target  prot opt in    out   source          destination
  778  88999 ACCEPT  all  --  *     *     0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
   26   2037 ACCEPT  all  --  *     *     0.0.0.0/0       0.0.0.0/0       state NEW
    0      0 ACCEPT  udp  --  *     eth1  0.0.0.0/0       192.168.1.125   udp spt:500 dpt:500
    0      0 ACCEPT  esp  --  *     eth1  0.0.0.0/0       192.168.1.125

-j

--
"I'm better than dirt. Well, most kinds of dirt... not that fancy store-bought dirt... that stuff's loaded with nutrients, I... I can't compete with that stuff."
 --The Simpsons