Debian Bug Tracking System wrote:
> ...
> Marek wrote:
>> ...
>> in 'policy':
>> lan dsl DROP info 3/minute
>>
>> in 'rules':
>> ACCEPT lan:10.0.1.25 dsl all
>> ACCEPT lan:10.0.1.26 dsl all
>>
>> after startup, logging/dropping rules from iptables -L -n in chain '@lan2dsl',
>> in chain 'lan2dsl' jump to @lan2dsl after "ACCEPT ESTABLISHED,RELATED",
>> but >BEFORE< "ACCEPT from 10.0..." rules
>>
>> think it should be under "ACCEPT from 10.."
>> ...
> The order of the two rules is not important. ACCEPT from 10... accepts
> new connections and ACCEPT ESTABLISHED,RELATED accepts packets belonging
> to already established connections.
>
> The bug can be considered closed.
Lorenzo,

I'm not sure we've got to the heart of Marek's problem here. I think getting a shorewall dump and looking at the lan2dsl chain in it would reveal to us more what he is talking about.

It sounds to me like what he's describing is that policy logging is happening ahead of rules, which is definitely wrong. If so, we need to check whether this is something Tom has fixed since the release of Debian stable.

Regards,
Paul <http://paulgear.webhop.net>

--
Did you know? The major music labels and on-line stores want to limit your rights to listen to music you have legitimately purchased. Find out more: http://iownmymusic.org/
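The two positions taken in the thread can be checked against a first-match walk of the chain: Lorenzo's point that the ESTABLISHED,RELATED accept and the per-host accepts can be in either order, and Paul's point that a policy LOG/DROP jump placed ahead of the explicit ACCEPT rules would be wrong. The following is an added example, not code from the bug thread or from Shorewall itself; the chain names `lan2dsl` and `@lan2dsl`, the rule layouts and the sample packets are constructed from the reporter's description, and the `3/minute` rate limit and real connection tracking are not modelled.

```python
"""First-match simulation of the Shorewall lan2dsl chain layouts discussed above.

Added example, not from the bug thread or from Shorewall. Rules mirror the
reporter's 'policy' (lan dsl DROP info 3/minute) and 'rules' entries; the
rate limit and conntrack itself are assumptions left out of the model.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    target: str                   # ACCEPT, DROP, LOG, or a user chain to jump to
    src: Optional[str] = None     # exact source address, or None for any source
    state: Optional[str] = None   # comma-separated conntrack states, or None for any


@dataclass
class Packet:
    src: str     # source address
    state: str   # "NEW" or "ESTABLISHED", as conntrack would classify it


Chains = Dict[str, List[Rule]]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.src is not None and rule.src != pkt.src:
        return False
    if rule.state is not None and pkt.state not in rule.state.split(","):
        return False
    return True


def evaluate(chains: Chains, chain: str, pkt: Packet,
             log: Optional[List[str]] = None) -> Tuple[Optional[str], List[str]]:
    """Walk `chain` top to bottom and return (verdict, log lines).

    ACCEPT and DROP are terminal; LOG records the packet and continues; any
    other target is a jump into a user chain, which returns here if it falls
    off its end without a verdict (iptables RETURN semantics).
    """
    if log is None:
        log = []
    for rule in chains[chain]:
        if not rule_matches(rule, pkt):
            continue
        if rule.target == "LOG":
            log.append(f"{chain}: {pkt.state} from {pkt.src}")
            continue
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target, log
        verdict, log = evaluate(chains, rule.target, pkt, log)  # jump to user chain
        if verdict is not None:
            return verdict, log
    return None, log  # no verdict: the calling chain continues


# Rules derived from the reporter's configuration (constructed, see lead-in).
POLICY_CHAIN = [Rule("LOG"), Rule("DROP")]                 # lan dsl DROP info
ESTABLISHED = Rule("ACCEPT", state="ESTABLISHED,RELATED")  # Shorewall's implicit accept
ACCEPT_25 = Rule("ACCEPT", src="10.0.1.25")                # ACCEPT lan:10.0.1.25 dsl all
ACCEPT_26 = Rule("ACCEPT", src="10.0.1.26")                # ACCEPT lan:10.0.1.26 dsl all
POLICY_JUMP = Rule("@lan2dsl")

# Expected layout: the policy jump comes after every explicit ACCEPT.
EXPECTED: Chains = {
    "lan2dsl": [ESTABLISHED, ACCEPT_25, ACCEPT_26, POLICY_JUMP],
    "@lan2dsl": POLICY_CHAIN,
}
# Same verdicts with the two kinds of ACCEPT swapped (Lorenzo's point).
SWAPPED: Chains = {
    "lan2dsl": [ACCEPT_25, ACCEPT_26, ESTABLISHED, POLICY_JUMP],
    "@lan2dsl": POLICY_CHAIN,
}
# Layout the reporter describes: the policy jump sits before the ACCEPT rules.
REPORTED: Chains = {
    "lan2dsl": [ESTABLISHED, POLICY_JUMP, ACCEPT_25, ACCEPT_26],
    "@lan2dsl": POLICY_CHAIN,
}

SAMPLE_PACKETS = [  # constructed traffic
    Packet("10.0.1.25", "NEW"),
    Packet("10.0.1.25", "ESTABLISHED"),
    Packet("10.0.1.30", "NEW"),
]


def verdicts(chains: Chains) -> Dict[Tuple[str, str], Optional[str]]:
    """Map (src, state) of each sample packet to its final verdict."""
    return {(p.src, p.state): evaluate(chains, "lan2dsl", p)[0] for p in SAMPLE_PACKETS}


def dropped_count(chains: Chains) -> int:
    return sum(1 for v in verdicts(chains).values() if v == "DROP")


if __name__ == "__main__":
    for name, chains in (("expected", EXPECTED), ("swapped", SWAPPED), ("reported", REPORTED)):
        print(name, verdicts(chains))
```

With the expected layout only the packet from the unlisted host 10.0.1.30 reaches `@lan2dsl` and is logged and dropped; with the reported layout a new connection from 10.0.1.25 is also dropped, which is exactly the symptom a `shorewall dump` of the `lan2dsl` chain would confirm or rule out.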