Pascal Hambourg wrote:
> A possible explanation may be the following.
> The remote box sends a continuous stream of UDP packets. The first
> packet was received before the ruleset was installed but after the
> conntrack was loaded, so a conntrack entry was created with no NAT, and
> does not expire because of the continuous stream.

Thank you! You hit the nail right on the head!

> Clear the conntrack table by any means and see what happens.

I cleared it with conntrack -F and you were absolutely right. It's now
working as expected. I knew it had to be my naivety but I couldn't see
what I was doing wrong.

Out of interest, I can't seem to find a syntax that conntrack -D likes;
is there a tutorial for it anywhere or any docs better than the man page?

Thanks again, Pascal, for that speedy and helpful response.

Regards,
Cliff.

--
Cliff Stanford Might Limited        +44 845 0045 666 (Office)
Suite 67, Dorset House              +44 7973 616 666 (Mobile)
Duke Street, Chelmsford, CM1 1TB

-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
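The failure mode Pascal describes (a conntrack entry created before the NAT rules were loaded, kept alive by a steady UDP stream, so the packets never get translated) can be spotted in `conntrack -L` output: an untranslated entry's reply tuple is just the original tuple with the endpoints swapped, whereas a NATed entry's reply tuple carries the translated address or port. The script below is an added example, not code from the thread or from conntrack-tools; it parses a constructed sample of `conntrack -L` output, picks out the UDP entries that were never NATed, and prints the `conntrack -D` command that removes each one, which is the more surgical alternative to `conntrack -F` and also answers the question about `-D` syntax: `-D` takes the same filter options as `-L` (`-p`, `-s`, `-d`, `--sport`, `--dport`, and the `-r`/`-q` reply-side variants), and with no filter at all it deletes every entry. The addresses and ports in the sample are made up.

```shell
#!/bin/sh
# Added example (not from the thread): find UDP conntrack entries that carry
# no NAT and emit a `conntrack -D` command for each, instead of flushing the
# whole table with `conntrack -F`.
# The conntrack(8) options used (-L, -D, -p, -s, -d, --sport, --dport) are real;
# the sample lines below are constructed, not captured from the poster's box.

# Constructed sample of `conntrack -L` output. The first entry was created
# before the NAT ruleset was installed (reply dst == original src, so no
# translation); the second was created afterwards (reply dst is the SNAT
# address 203.0.113.1); the third is TCP and is ignored here.
SAMPLE='udp      17 29 src=192.168.1.10 dst=10.0.0.5 sport=5000 dport=5000 src=10.0.0.5 dst=192.168.1.10 sport=5000 dport=5000 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.11 dst=10.0.0.5 sport=5001 dport=5000 src=10.0.0.5 dst=203.0.113.1 sport=5000 dport=5001 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.12 dst=10.0.0.5 sport=40000 dport=22 src=10.0.0.5 dst=192.168.1.12 sport=22 dport=40000 [ASSURED] mark=0 use=1'

# Print one `conntrack -D ...` line per UDP entry in $1 whose reply tuple
# mirrors its original tuple (i.e. neither SNAT nor DNAT was applied).
untranslated_udp_delete_cmds() {
    printf '%s\n' "$1" | awk '
        $1 != "udp" { next }
        {
            # Collect src/dst/sport/dport values in order of appearance:
            # v[1..4] is the original tuple, v[5..8] the reply tuple.
            # Flags such as [UNREPLIED]/[ASSURED] and mark=/use= are skipped.
            n = 0
            for (i = 1; i <= NF; i++) {
                if (split($i, kv, "=") == 2 && (kv[1] == "src" || kv[1] == "dst" || kv[1] == "sport" || kv[1] == "dport")) {
                    v[++n] = kv[2]
                }
            }
            if (n < 8) { next }
            # No NAT in either direction: reply src/dst are the original
            # dst/src and reply sport/dport are the original dport/sport.
            if (v[5] == v[2] && v[6] == v[1] && v[7] == v[4] && v[8] == v[3]) {
                printf "conntrack -D -p udp -s %s -d %s --sport %s --dport %s\n", v[1], v[2], v[3], v[4]
            }
        }'
}

# Dry run: print the delete commands rather than executing them.
untranslated_udp_delete_cmds "$SAMPLE"
```

On a live box, feed it `conntrack -L 2>/dev/null` instead of `$SAMPLE` and pipe the result into `sh` once you have eyeballed it. The underlying fix is ordering: load the NAT ruleset before the remote stream can reach the box (or flush the table right after loading it), because conntrack decides NAT for a flow only on its first packet and never revisits that decision while the entry is kept alive.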