Hello,

> Can you see "RULE 17"?

Rule 17 is the final deny everything else rule. Rule 15 is the one which should allow everything "local" on the firewall.

#
# Rule 15 (global)
#
echo "Rule 15 (global)"
#
#
#
$IPTABLES -N Cid4A4A84F123430.0
$IPTABLES -A INPUT -s myip -m state --state NEW -j Cid4A4A84F123430.0
$IPTABLES -A INPUT -s 127.0.0.1 -m state --state NEW -j Cid4A4A84F123430.0
$IPTABLES -A Cid4A4A84F123430.0 -d myip -j ACCEPT
$IPTABLES -A Cid4A4A84F123430.0 -d 127.0.0.1 -j ACCEPT
$IPTABLES -N Cid4A4A84F123430.1
$IPTABLES -A OUTPUT -s myip -m state --state NEW -j Cid4A4A84F123430.1
$IPTABLES -A OUTPUT -s 127.0.0.1 -m state --state NEW -j Cid4A4A84F123430.1
$IPTABLES -A Cid4A4A84F123430.1 -d myip -j ACCEPT
$IPTABLES -A Cid4A4A84F123430.1 -d 127.0.0.1 -j ACCEPT
#
# Rule 17 (global)
#
echo "Rule 17 (global)"
#
#
#
$IPTABLES -N RULE_17
$IPTABLES -A OUTPUT -j RULE_17
$IPTABLES -A INPUT -j RULE_17
$IPTABLES -A RULE_17 -j LOG --log-level info --log-prefix "RULE 17 -- DENY " --log-tcp-sequence --log-tcp-options --log-ip-options
$IPTABLES -A RULE_17 -j DROP

As we normally can connect, but just a few random connections don't work, I assume that there is some timeout or some entries flushed somewhere in the filter stuff.

André
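An added example, not part of the message above or of the generated firewall script: one way to check the timeout hypothesis against the log is to split the "RULE 17 -- DENY " entries into opening SYNs and packets that arrive mid-connection. The log lines, addresses and function names below are constructed for illustration, and the classification is a heuristic that assumes the kernel's usual LOG-target line format.

```python
from collections import Counter

PREFIX = "RULE 17 -- DENY "   # log prefix set by the LOG rule quoted above
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = """\
Jan 10 09:00:01 fw kernel: RULE 17 -- DENY IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=8080 SEQ=100 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 09:05:42 fw kernel: RULE 17 -- DENY IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.20 LEN=52 TTL=64 ID=2 DF PROTO=TCP SPT=22 DPT=51000 SEQ=900 ACK=901 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jan 10 09:06:10 fw kernel: RULE 17 -- DENY IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=40 TTL=64 ID=3 DF PROTO=TCP SPT=51000 DPT=22 SEQ=901 ACK=950 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jan 10 09:07:00 fw kernel: RULE 17 -- DENY IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.1 LEN=76 TTL=64 ID=4 PROTO=UDP SPT=123 DPT=123 LEN=56
Jan 10 09:08:00 fw kernel: some unrelated message
"""

def parse(line):
    """Return (fields, tcp_flags) for a RULE 17 log line, or None for other lines."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    tokens = rest.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    # TCP flags are bare tokens; "ACK=901" is the acknowledgement number, not a flag.
    flags = {t for t in tokens if t in FLAGS}
    return fields, flags

def classify(line):
    parsed = parse(line)
    if parsed is None:
        return None
    fields, flags = parsed
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"   # opening SYN that no ACCEPT rule matched
    return "mid-stream"           # not an opening SYN: no earlier rule accepted the flow

def summarize(text):
    return Counter(c for c in map(classify, text.splitlines()) if c)

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(f"{kind:15} {count}")
```

A log dominated by "mid-stream" entries for flows that had been working fits lost or expired connection state; mostly "new-connection" entries point at the rule set itself.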