Ooouuuchh..my bad. I mistook LOG_ACCEPT for a target similar to ACCEPT. Looks like rules on LOG_ACCEPT chain got removed incorrectly during some iptables-save/iptables-restore operations Thanks a a lot Rob and Pandu Regards Ajay On Sat, Mar 19, 2011 at 1:06 AM, Pandu Poluan <pandu@xxxxxxxxxxx> wrote: > Which is why I always use all-lowercase for userchains. No chance of a > mixup with TARGETs (they are always all-uppercase). > > Rgds, > > > On 2011-03-19, Rob (lists) <lists@xxxxxxxxxxxxxxx> wrote: >>> > If I change the LOG_ACCEPT to ACCEPT, strangely SSH starts working. >>> >>> Not so strange to me. Using the ACCEPT target, you're >>> actually ACCEPTing the packet(s) whereas LOG_ACCEPT doesn't >>> (do anything). >> >> Maybe this isn't clear. >> ACCEPT is a final target: the packet will be accepted and that's that. >> LOG_ACCEPT is a userdefined chain, not a target, but you can send >> packets matching a rule to such chain for further processing. You should >> add rules to this chain that tell Netfilter what to do with a packet; if >> the chain is empty, nothing will be done. The packet will not be >> accepted, simply because the chain is called 'LOG_ACCEPT'. >> >> >> -- Rob >> >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > > > -- > -- > Pandu E Poluan - IT Optimizer > My website: http://pandu.poluan.info/ > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
