On Friday 23 September 2005 05:22, Iulian Topliceanu wrote:
> There are plenty of ACCEPT rules, and in the end a general DENY

"DENY"? Is that an ipchains target?

> to drop everything that didn't match the ACCEPT rules (obviously)
>
> There are plenty of NAT rules as well, portforwarding and stuff like.

Not knowing what those rules are, I cannot help you. Of course if it's as
huge and complex as I suspect it is I probably wouldn't even try. I have
work to get done today.

> Now, *sometimes* but just *sometimes*, ICMP and TCP packages are
> simply matching the general DENY rule and dropped, though there is a
> rule that says that LAN hosts can communicate without restrictions
> between them (there are 8 subnets)

So you have seen some kind of pattern. Try LOG for packets before the
... well, you said "DENY" but I am not so sure. The string DENY (case
insensitive) is not in my iptables(8) manual. LOG only what matches your
pattern.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
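
Added example, not part of the thread or of either poster's setup: once a LOG rule sits just before the final drop, as the reply suggests, the logged packets can be grouped to expose the pattern. The `LANDROP: ` log prefix, the `192.168.1.0/24` to `192.168.8.0/24` subnets and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed LAN ranges: the post only says there are 8 subnets, not which ones.
LAN = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(1, 9)]
PREFIX = "LANDROP: "  # hypothetical --log-prefix given to the LOG rule
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed sample lines in the layout the netfilter LOG target writes.
SAMPLE = """\
Sep 23 05:10:01 fw kernel: LANDROP: IN=eth1 OUT=eth2 SRC=192.168.1.10 DST=192.168.2.20 LEN=84 TTL=63 ID=0 DF PROTO=ICMP TYPE=0 CODE=0 ID=77 SEQ=3
Sep 23 05:10:04 fw kernel: LANDROP: IN=eth1 OUT=eth2 SRC=192.168.1.10 DST=192.168.2.20 LEN=40 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=40112 WINDOW=0 RES=0x00 ACK RST URGP=0
Sep 23 05:10:09 fw kernel: LANDROP: IN=eth1 OUT=eth2 SRC=192.168.1.11 DST=192.168.2.20 LEN=40 TTL=63 ID=0 DF PROTO=TCP SPT=22 DPT=40200 WINDOW=0 RES=0x00 ACK RST URGP=0
Sep 23 05:10:12 fw kernel: LANDROP: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TTL=51 ID=9 DF PROTO=TCP SPT=5050 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 23 05:10:13 fw kernel: eth1: link up
"""


def parse(line):
    """Return the KEY=value fields of one LOG line, or None if not ours."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    # TCP flags are logged as bare words, not KEY=value pairs.
    fields["FLAGS"] = ",".join(sorted(TCP_FLAGS & set(body.split())))
    return fields


def in_lan(addr):
    """True if addr falls inside one of the assumed LAN subnets."""
    return any(ipaddress.ip_address(addr) in net for net in LAN)


def summarize(text):
    """Count LAN-to-LAN packets by (in-if, out-if, protocol, detail)."""
    seen = Counter()
    for line in text.splitlines():
        f = parse(line)
        if not f or not (in_lan(f["SRC"]) and in_lan(f["DST"])):
            continue
        detail = f["FLAGS"] if f["PROTO"] == "TCP" else "type " + f.get("TYPE", "?")
        seen[(f["IN"], f["OUT"], f["PROTO"], detail)] += 1
    return seen


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

Grouping by interface pair, protocol and TCP flags or ICMP type shows whether the dropped LAN traffic shares one path or one packet shape, which is the pattern to then match in a narrower LOG rule.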