> > If I change the LOG_ACCEPT to ACCEPT, strangely SSH starts working.
>
> Not so strange to me. Using the ACCEPT target, you're
> actually ACCEPTing the packet(s) whereas LOG_ACCEPT doesn't
> (do anything).

Maybe this isn't clear. ACCEPT is a final target: the packet will be accepted and that's that. LOG_ACCEPT is a user-defined chain, not a target, but you can send packets matching a rule to such a chain for further processing. You should add rules to this chain that tell Netfilter what to do with a packet; if the chain is empty, nothing will be done. The packet will not be accepted, simply because the chain is called 'LOG_ACCEPT'.

--
Rob
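
Added example, not part of the original message: a small Python model of the chain traversal described above, showing that a jump to an empty user-defined chain yields no verdict, while the same chain with a LOG rule and an ACCEPT rule does. The rulesets are constructed, use only a subset of iptables-save syntax, and assume an INPUT policy of DROP and an SSH rule on port 22; the protocol match is ignored by the model.

```python
# Toy model of Netfilter chain traversal over constructed rulesets (not real iptables).
TERMINATING = {"ACCEPT", "DROP"}   # final targets: traversal stops here

def parse(ruleset):
    """Parse a small subset of iptables-save syntax into chains and policies."""
    chains, policy = {}, {}
    for tok in map(str.split, ruleset.splitlines()):
        if tok and tok[0].startswith(":"):    # ":INPUT DROP" or ":LOG_ACCEPT -"
            chains[tok[0][1:]] = []
            policy[tok[0][1:]] = tok[1]       # "-" means user-defined, no policy
        elif tok and tok[0] == "-A":          # "-A CHAIN [--dport N] -j TARGET"
            dport = int(tok[tok.index("--dport") + 1]) if "--dport" in tok else None
            chains[tok[1]].append((dport, tok[tok.index("-j") + 1]))
    return chains, policy

def verdict(ruleset, dport, start="INPUT"):
    """Return (final verdict, chains that logged the packet) for a TCP packet to dport."""
    chains, policy = parse(ruleset)
    logged = []
    def walk(name):
        for match_port, target in chains[name]:
            if match_port is not None and match_port != dport:
                continue                      # rule does not match this packet
            if target in TERMINATING:
                return target
            if target == "LOG":               # LOG is non-terminating
                logged.append(name)
                continue
            result = walk(target)             # jump into a user-defined chain
            if result:
                return result
            # chain ended without a verdict: resume at the caller's next rule
        return None

    return walk(start) or policy[start], logged

# Constructed rulesets. Assumption: INPUT policy is DROP.
EMPTY_CHAIN = """
:INPUT DROP
:LOG_ACCEPT -
-A INPUT -p tcp --dport 22 -j LOG_ACCEPT
"""
FIXED_CHAIN = EMPTY_CHAIN + """-A LOG_ACCEPT -j LOG
-A LOG_ACCEPT -j ACCEPT
"""

if __name__ == "__main__":
    for rules in (EMPTY_CHAIN, FIXED_CHAIN):
        print(verdict(rules, 22))
```

With the empty chain the SSH packet falls back to INPUT and is handled by its policy; the chain's name plays no part in the outcome.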