On Thu, 9 Jul 2009 15:06:52 +0200, David Balažic <xerces9@xxxxxxxxx> wrote: > iptables -A input_wan --proto 41 -s 3.4.5.6 -j ACCEPT Doing this in the filter tables is too late. You need to accept proto-41 packets in the PREROUTING chain to stop the connection tracker from looking at them. You can check "conntrack -L" to see which connections are being tracked. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
