Hello all,

I'm seriously puzzled by the behaviour of iptables in plain Linux-2.6.12. I have the following rules:

Chain INPUT (policy ACCEPT)
target           prot opt source    destination
HiMoNN-ACL-ath0  all  --  anywhere  anywhere

Chain FORWARD (policy ACCEPT)
target           prot opt source    destination
HiMoNN-ACL-ath0  all  --  anywhere  anywhere

Chain OUTPUT (policy ACCEPT)
target           prot opt source    destination

Chain HiMoNN-ACL-ath0 (2 references)
target           prot opt source    destination
DROP             all  --  anywhere  anywhere

Every incoming packet should be unconditionally dropped by the rule in chain HiMoNN-ACL-ath0. Unfortunately this is not what I see. External devices are still able to obtain IP addresses. DHCP requests (e.g. broadcast addressed packets) are not blocked.

What am I doing wrong? This should be straightforward but proves itself to be a hard nut to crack.

Just in case you wonder: The HiMoNN-ACL-ath0 chain is supposed to hold a white list of MAC addresses that are allowed in. If there is a better way to do this, I would like to learn about it.

Just in case it helps, here is the iptables-save output that creates the above rules:

# Generated by iptables-save v1.2.11 on Tue Apr 11 17:11:01 2006
*filter
:INPUT ACCEPT [434:49608]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [740:64416]
:HiMoNN-ACL-ath0 - [0:0]
-A INPUT -i ath0 -j HiMoNN-ACL-ath0
-A FORWARD -i ath0 -j HiMoNN-ACL-ath0
-A HiMoNN-ACL-ath0 -j DROP
COMMIT
# Completed on Tue Apr 11 17:11:01 2006

--
Thanks in advance and kind regards
Joerg
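
The whitelist layout the post describes, written out as an added example that is not part of the original message: allowed source MACs RETURN to the calling chain and the final rule drops everything else. The function names and the sample MAC addresses are constructed; the chain name, interface and DROP rule follow the iptables-save output above.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a per-interface MAC whitelist chain.
# Assumption: the chain is named HiMoNN-ACL-<iface>, as in the post.

# is_mac ADDR: succeed only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_acl IFACE MAC...: print the ruleset on stdout.
# Returns 1 and prints nothing on stdout if any MAC is malformed, so a
# half-built whitelist never reaches iptables-restore.
gen_acl() {
    iface=$1; shift
    chain="HiMoNN-ACL-$iface"
    for mac in "$@"; do
        is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ":$chain - [0:0]"
    echo "-A INPUT -i $iface -j $chain"
    echo "-A FORWARD -i $iface -j $chain"
    # Whitelisted senders leave the ACL chain before the catch-all DROP.
    for mac in "$@"; do
        echo "-A $chain -m mac --mac-source $mac -j RETURN"
    done
    echo "-A $chain -j DROP"
    echo 'COMMIT'
}

# Constructed sample addresses, for illustration only.
gen_acl ath0 00:11:22:33:44:55 66:77:88:99:AA:BB
```

The output can be piped to `iptables-restore`, which by default replaces the existing contents of the filter table.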