Re: IPTABLES drops packages for existing rules

On Friday 23 September 2005 05:22, Iulian Topliceanu wrote:
> There are plenty of ACCEPT rules, and in the end a general DENY

"DENY"? Is that an ipchains target?

> to drop everything that didn't match the ACCEPT rules (obviously)
>
> There are plenty of NAT rules as well, port forwarding and stuff like.

Not knowing what those rules are, I cannot help you. Of course if it's 
as huge and complex as I suspect it is I probably wouldn't even try. I 
have work to get done today.

> Now, *sometimes* but just *sometimes*, ICMP and TCP packages are
> simply matching the general DENY rule and dropped, though there is a
> rule that says that LAN hosts can communicate without restrictions
> between them (there are 8 subnets)

So you have seen some kind of pattern. Try LOG for packets before 
the ... well, you said "DENY" but I am not so sure. The string DENY 
(case insensitive) is not in my iptables(8) manual. LOG only what 
matches your pattern.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
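
The LOG-before-the-final-rule advice above, as an added example that is not part of the original message: it prints (does not run) the iptables commands and summarizes the resulting kernel log lines. The FORWARD chain, the chain name LAN_DBG, the log prefix, the two subnets and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands that LOG only
# LAN-to-LAN ICMP/TCP packets that reach the final catch-all rule.
# Assumptions: chain FORWARD, chain name LAN_DBG, prefix "LAN-DROP: ",
# and the subnets below are constructed placeholders.
LAN_NETS="192.168.1.0/24 192.168.2.0/24"
PREFIX="LAN-DROP: "

# $1 = rule number of the final catch-all rule, as shown by
#      iptables -L FORWARD -n --line-numbers
gen_log_rules() {
    pos=$1
    echo "iptables -N LAN_DBG"
    for dst in $LAN_NETS; do
        for proto in icmp tcp; do
            echo "iptables -A LAN_DBG -d $dst -p $proto -j LOG --log-prefix \"$PREFIX\""
        done
    done
    # Inserting at the same position each time keeps every jump ahead of
    # the catch-all rule; LAN_DBG has no verdict, so packets return and
    # still reach the catch-all exactly as before.
    for src in $LAN_NETS; do
        echo "iptables -I FORWARD $pos -s $src -j LAN_DBG"
    done
}

# Read kernel log lines on stdin, print "count SRC DST PROTO" per flow.
summarize_drops() {
    grep -F "$PREFIX" | awk '{
        src = dst = proto = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src = substr($i, 5)
            if ($i ~ /^DST=/)   dst = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        n[src " " dst " " proto]++
    } END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample lines in the format the LOG target writes.
SAMPLE='Sep 23 05:30:01 fw kernel: LAN-DROP: IN=eth1 OUT=eth2 SRC=192.168.1.10 DST=192.168.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Sep 23 05:30:02 fw kernel: LAN-DROP: IN=eth1 OUT=eth2 SRC=192.168.1.10 DST=192.168.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=2
Sep 23 05:30:05 fw kernel: LAN-DROP: IN=eth2 OUT=eth1 SRC=192.168.2.20 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=5120 DF PROTO=TCP SPT=80 DPT=40112 WINDOW=0 RES=0x00 ACK FIN URGP=0
Sep 23 05:30:06 fw kernel: other message'
```

Review the output of `gen_log_rules N` before running it as root, and remove the jumps and the LAN_DBG chain once the pattern is found.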

