On Fri, February 17, 2006 12:14, Mark-Walter@xxxxxxxxxxx wrote: > From time to time the log rule next to the output section show's this: > > Feb 17 10:59:01 gerry kernel: IPT OUTPUT packet died: IN= OUT=eth0 > SRC=192.168.0.1 DST=217.89.23.137 LEN=61 TOS=0x00 PREC=0x00 TTL=64 > ID=19170 DF PROTO=UDP SPT=32769 DPT=53 LEN=41 > > The destination ip is the bind process of my provider. > > What have I to change to avoid this logging ? > > Here are some rules for the OUTPUT section: > > $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT > $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT > $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT These are indeed "some" rules, not all. There are none before these in the OUTPUT chain that could block outgoing traffic ? (You say you use Oscar's script but you could have modified it.) I have not seen your other rules for this chain and assuming there's no DROP or REJECT or such rule in the chain, why do you even bother to set rules in it ? It seems you want to allow everything which is the same as policy set to ACCEPT and no rules in it. Gr, Rob
