Hi, I've run into the same that has (only) been postet once ( http://lists.netfilter.org/pipermail/netfilter/2005-July/061667.html ) on this list. Somewhere between 1.3.1 and 1.3.2 release something has been changed that has to do with zeroring chains. It used to be the case that an # iptables -L INPUT -nxZ set counters on the INPUT chain to 0 right after output (conforms to any document about --zero/-Z i.e. man page, etc.) With 1.3.2 (not yet tested on 1.3.3) the counters stay intact. Alas, this only happens to the built-in chains (INPUT,OUTPUT, FORWARD) - not to user-defined chains like: # iptables -N acc_in # iptables -A acc_in -j RETURN # iptables -I INPUT -j acc_in [..let some data flow..] # iptables -L acc_in -nxZ [..shows current counters of "acc_in" chain and zeroes it's counters..] Christian
