Sven Schuster wrote:
Try iptables -L -v; this will give you additional information about your rules!
Yep. -x and -n are also quite useful when viewing your configuration. "man iptables" is your friend.
I don't think iptables checks whether the interface exists at rule insertion time, which makes sense in my opinion, so you can add rules e.g. for device ppp0 (or even all devices beginning with 'ppp', as expressed by 'ppp+') before the specific device has been created.
Agreed. Being able to insert rules for non-existent interfaces is definitely desirable and by design. It means rules can be in place before an interface comes up or even exists. This is highly useful from a security perspective and also provides flexibility about when you set up your firewall.
Menno
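To show the two points from the thread together (rules for a not-yet-existing 'ppp+' interface, and viewing them with -L -v -n -x), here is a small loader script. It is an added example, not code posted in the thread; the rule set is a hypothetical conservative policy for illustration, and the IPT variable is my own convention so the script can be dry-run with IPT=echo on a machine without root or iptables.

```sh
#!/bin/sh
# Added example (not from the thread): install rules for dial-up interfaces
# matching "ppp+" before any such interface exists, then inspect them.
# IPT defaults to the real binary; set IPT=echo to dry-run (hypothetical knob).
IPT="${IPT:-iptables}"

# Hypothetical inbound policy for any interface whose name starts with "ppp".
# iptables accepts these even if no ppp interface is up yet, so they are in
# place before the link comes up.
load_ppp_rules() {
    # Allow replies to connections that we initiated over the link.
    "$IPT" -A INPUT -i ppp+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Rate-limited log of anything else arriving on the link, then drop it.
    "$IPT" -A INPUT -i ppp+ -m limit --limit 5/min -j LOG --log-prefix "ppp-drop: "
    "$IPT" -A INPUT -i ppp+ -j DROP
}

# Verify the final DROP rule is present (-C returns 0 if the rule exists).
has_ppp_drop() {
    "$IPT" -C INPUT -i ppp+ -j DROP
}

# List INPUT with packet/byte counters (-v), exact counters (-x),
# and no DNS or service-name lookups (-n).
show_rules() {
    "$IPT" -L INPUT -v -n -x
}

# Count the rules that target the ppp+ pattern; with IPT=echo this
# counts the emitted command lines instead of touching the kernel.
count_ppp_rules() {
    load_ppp_rules | grep -c -- '-i ppp+'
}

# Run as root to apply: sh fw-ppp.sh ; dry-run: IPT=echo sh fw-ppp.sh
if [ "${1:-}" = "apply" ]; then
    load_ppp_rules && has_ppp_drop && show_rules
fi
```

Run with IPT=echo first to see exactly what would be applied; only the real invocation needs root.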