Hello all,

When I use a rule:

    $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -j DROP

The server cannot ping or telnet any other host!

My interfaces config:

    ifconfig eth0 0.0.0.0 promisc
    ifconfig eth1 0.0.0.0 promisc
    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 eth1
    ifconfig br0 10.0.0.8 netmask 255.255.240.0 up

Firewall rules:

    echo "1" > /proc/sys/net/ipv4/ip_forward
    IPTABLES='/sbin/iptables'
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -A INPUT -p tcp -d 10.0.0.8 --dport 22 -j ACCEPT
    $IPTABLES -A INPUT -d 10.0.0.8 -m state --state RELATED,ESTABLISHED -j ACCEPT   # (1)
    $IPTABLES -A INPUT -d 10.0.0.8 -m state --state INVALID -j DROP   # (2)
    $IPTABLES -A INPUT -j DROP

This machine is to be a bridge shaping traffic. It does its job OK, but if I include the line (1) or (2) the machine cannot contact any other!

I did:

    $IPTABLES -A INPUT -i lo -j ACCEPT

and even:

    $IPTABLES -A INPUT -s 10.0.0.8 -j ACCEPT

But to no avail. I guess something is going wrong with the DROP instruction.

My config is a Fedora Core 4 with kernel version 2.6.11-1.1369_FC4. Iptables version: 1.3.0

This script used to work fine with an old Red Hat; the kernel was 2.4.18.

Is there a patch to apply to the kernel? Is this a known bug? I saw some already have this kind of problem but I did not find any answer.

Thanks in advance,
Stéphane