Hmm, the packages were obviously RETURNed by the line mentioned to the global root "catch all" rule and that's exactly what should normally happen.

In the end I neither want the packages to be dropped nor rejected but returned instead for the inspection by other chains, but I will only switch back to RETURN after I've found the origin for the echo replies.

So for now, I am quite happy with both DROP and REJECT, thanks :-)

Udo Rader

BestSolution.at GmbH
http://www.bestsolution.at

On Tue, 2005-05-31 at 22:22 -0400, Jason Opperisano wrote:
> On Wed, Jun 01, 2005 at 06:21:44PM +0300, Sertys wrote:
> > Well, this line:
> > iptables -t nat -A Cid3D99741E.0 -d 192.168.100.0/24 -j RETURN
> >
> > change it to -j DROP and it won't generate any replies. -j RETURN, returns
> > the packet and sends an icmp message to the src!
>
> RETURN returns the packet to the calling chain, or enforces the
> root chain's POLICY if there is no calling chain to return to.
> your description matches what REJECT does, not RETURN.
>
> -j
>
> --
> "Stewie: Damn the toilet. It's made slaves of you all. It just
> sits there consuming other people's feces while contributing nothing
> of its own to society."
> --Family Guy

--
B e s t S o l u t i o n . a t EDV Systemhaus GmbH
------------------------------------------------------------------------
udo rader                      technischer leiter/CEM
mobile ++43 660 5263642
------------------------------------------------------------------------
eduard-bodem-gasse 8/3         A-6020 innsbruck
fax ++43 512 935833            http://www.bestsolution.at
phone ++43 512 935834
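Added example, not part of the original thread: a small Python model of the traversal semantics Jason describes, showing where a packet goes after RETURN in a user chain versus a built-in chain, and that only REJECT produces an ICMP error. It is not netfilter code; the chain name `user_chain`, the `FORWARD` policy and every rule except the `192.168.100.0/24` match are constructed for illustration.

```python
import ipaddress

# Constructed policy for the built-in (root) chain in this model.
BUILTIN_POLICY = {"FORWARD": "ACCEPT"}

# Constructed ruleset: each rule is (destination network or None for "any", target).
CHAINS = {
    "FORWARD": [(None, "user_chain"), ("192.168.100.128/25", "DROP")],
    "user_chain": [("192.168.100.0/24", "RETURN"), ("172.16.0.0/12", "REJECT")],
}

def traverse(chain, dst, chains=CHAINS, trace=None):
    """Walk `chain` for destination `dst` and return (verdict, trace).

    verdict is ACCEPT, DROP or REJECT, or None when a user-defined chain
    hands the packet back to its caller without deciding.
    """
    trace = [] if trace is None else trace
    addr = ipaddress.ip_address(dst)
    for net, target in chains[chain]:
        if net is not None and addr not in ipaddress.ip_network(net):
            continue
        trace.append(f"{chain}:{target}")
        if target == "RETURN":
            break                      # stop evaluating this chain
        if target in chains:           # jump into a user-defined chain
            verdict, _ = traverse(target, dst, chains, trace)
            if verdict is not None:
                return verdict, trace
            continue                   # callee returned: resume at caller's next rule
        return target, trace           # terminating target
    if chain in BUILTIN_POLICY:        # RETURN or end of a built-in chain: policy applies
        trace.append(f"{chain}:policy")
        return BUILTIN_POLICY[chain], trace
    return None, trace                 # RETURN or end of a user chain: back to caller

def sends_icmp_error(verdict):
    """In this model only REJECT answers the sender; DROP and RETURN are silent."""
    return verdict == "REJECT"

if __name__ == "__main__":
    for dst in ("192.168.100.5", "192.168.100.200", "172.16.1.1"):
        verdict, trace = traverse("FORWARD", dst)
        print(dst, verdict, trace, "icmp error:", sends_icmp_error(verdict))
```
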