Hi
The INPUT chain looks like the following:
pkts bytes target   prot opt in  out source     destination
  35  3235 LOG_DROP all  --  pub *   0.0.0.0/0  !1.2.3.4    [goto]
   0     0 LOG_ACC  tcp  --  *   *   127.0.0.1  127.0.0.1   state NEW tcp dpt:3000
The following packet is dropped:
IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=31349 DF PROTO=TCP SPT=35130 DPT=3000 WINDOW=32792 RES=0x00 SYN URGP=
which was the cause of executing the "telnet localhost 3000" command
The "pub" interface is a physical ethernet card.
Why is the "IN=" blank?
Why does the packet match to the first rule?
How is it possible to match only to the second rule?
Thanks, Denes