LAN pass, but not loopback

Hi,
I'm currently trying to discover iptables. To that end I created a little 
script to "protect" my LAN (4 computers).
It became pretty complex over time, but remains clean... and should work, 
at least I think.
The problem is it doesn't: it contains, among other things:
#Loopback interface
iptables -A INPUT -o lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
[..]
#Apache
iptables -A INPUT -p tcp --dport http -m connlimit ! --connlimit-above 40 \
-j ACCEPT

From the inside, wget http://my_server works as it should, and from outside also, 
but not from the computer itself!
For the same reason (I think) Samba cannot connect to CUPS... and I have many 
other problems.
I've tried as best I could to understand this problem but failed. On the other 
hand, each time I suspected a bug in a complex piece of software (iptables here), I 
was wrong.
So, if someone had time to tell me where... mummy would be very happy as she 
could print again -_^.

Sorry for my bad English. You can read the whole script at 
http://98111.free.fr/serv/served/iptables.en.sh ; I tried to translate the 
comments into English but I'm not sure of the result.

By the way, what do you think of the way I tried to reduce the overload due to 
TARPIT? Would it work?

Thanks !
Brice

-- 
"Emacs is my operating system, and Linux its device driver."
 -- Bake Timmons
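
An added example, not part of the original post: a small lint for the interface-match direction in rules like the loopback pair quoted above. iptables only has an input interface in INPUT and PREROUTING and an output interface in OUTPUT and POSTROUTING (FORWARD has both), and it refuses a rule that matches the other direction, so such a line never becomes an ACCEPT rule. The function names and the last two sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag iptables command lines whose interface match cannot
# apply in the chain they are appended to.

# Reads iptables command lines on stdin and prints "<line-no>: <reason>" for
# each rule using -o in INPUT/PREROUTING or -i in OUTPUT/POSTROUTING.
lint_iface_direction() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
        chain = ""; has_in = 0; has_out = 0
        for (i = 1; i <= NF; i++) {
            if (($i == "-A" || $i == "-I" || $i == "--append" || $i == "--insert") && i < NF)
                chain = $(i + 1)
            if ($i == "-i" || $i == "--in-interface")  has_in = 1
            if ($i == "-o" || $i == "--out-interface") has_out = 1
        }
        if (has_out && (chain == "INPUT" || chain == "PREROUTING"))
            printf "%d: %s has no output interface; use -i\n", NR, chain
        if (has_in && (chain == "OUTPUT" || chain == "POSTROUTING"))
            printf "%d: %s has no input interface; use -o\n", NR, chain
    }'
}

# Sample input: the first two rules are the ones quoted in the post,
# the last two are constructed to show rules that pass the check.
sample_rules() {
    cat <<'EOF'
#Loopback interface
iptables -A INPUT -o lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
EOF
}

sample_rules | lint_iface_direction
```

Running the same function over a full firewall script (`lint_iface_direction < script.sh`) before loading it catches this class of mistake without touching the live ruleset.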


