Hmmm... His rules won't match as the packets are dropped due to the default policy of the chain.

Just add at the end of your rules a log target for all who passed the "ACCEPT" rules.

Do you have NAT employed on your firewall? (because you have 192.* IP addresses)

On Tue May 19 2009 wrote Jozsef Kadlecsik:
> On Tue, 19 May 2009, Miguel Ghobangieno wrote:
> > I'm trying to make a bridge firewall that allows ssh in, and allows
> > http/https out, but nothing else... ebtable ruleset isn't working Sad
> >
> > This is what I have so far. When I set the default policy to allow
> > everything gets through, when deny nothing gets through:
> > [...]
>
> Why don't you add log watchers to each of your rules as the last "match"?
> Thus you could see at least which rules match. Your rules seem to be OK
> but with logging enabled that'd be definitely answered. Without more
> information, nobody could help you.
>
> [And don't spam mailing lists like openssl-users which has nothing to do
> with ebtables, even if you are desperate.]
>
> Best regards,
> Jozsef
> -
> E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary

--
Christoph Paasch
École Polytechnique de Louvain
Département d'ingénierie informatique
www.rollerbulls.be