Wed, 27.04.2005 at 00.03 -0500, Taylor, Grant wrote:
> > When I flush my iptables script the error is gone.
>
> You say that when you flush your iptables script the error goes away? Are you flushing the firewall completely or just reapplying / rerunning your firewall script? What are you doing when you flush the script?

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F DMZ
iptables -X DMZ
iptables -F ICMP
iptables -X ICMP
iptables -F SMTPDROP
iptables -X SMTPDROP
iptables -t nat -F POSTROUTING # turn off NAT'ing
iptables -t nat -F PREROUTING # turn off redirect

This is what I do when I run my script with the stop parameter. The reason I empty each separately is that I have one chain that I don't want to reload every time (called NORDIC, that is the IP classes of the Nordic countries). When running these -F and -X the problem goes away.

My firewall script works shortly by masking out all traffic to a x/30 mask that is sent to the DMZ chain. All SMTP (dest. port 25) is filtered in SMTPDROP, and ICMP in the ICMP chain.

I run the following kernel modules:

modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ipt_ULOG

Best regards
Stian B. Barmen