Re: Problems filtering UDP with Netfilter
Stefan Srdic wrote:
>
> I'm attempting to filter all UDP datagrams under the 1023 port range.
> When I use the script below I cannot ping my ISP's web site or even surf
> the net. Do I have a malformed chain or am I missing an essential
> service?
[I only know ipchains but there is no reason that the behaviour is
different with iptables]
You're missing the essential fact that as soon as a rule matches, all
the following rules are ignored. You're thinking the other way: "the
last rule that matches prevails".
In another thread that you started, "Laurence J. Lane" wrote:
> I can't really follow what you're trying, but that second reject rule
> blocks outgoing traffic. (Use iptables -n -v -L to see the list of
> rules and a count of the packets that each affect.) You probably want to
> accept outbound traffic for specific ports before rejecting any.
^
----------------------------------------------!
> > > Try "#!/bin/sh -x" instead.
BTW, "man sh" explains -x on the second page!
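To make the first-match point concrete, here is a small model of how a netfilter chain is walked, with the two OUTPUT chain orderings side by side. This is an added example, not code from the thread or from Stefan's script (which is not on the page); the rule sets, the port numbers and the sample packets are constructed to show the mistake the replies describe: a blanket REJECT of UDP ports below 1024 placed ahead of the ACCEPT for DNS (UDP/53), which starves name resolution and so breaks "ping hostname" and browsing even though TCP itself is untouched. The per-rule hit counters mirror the pkts column that `iptables -n -v -L` prints.

```python
"""Model of ipchains/iptables chain traversal: the first rule whose match fits
the packet decides its fate, and later rules are never consulted.

Added illustration, not code from the thread.  The chains, ports and sample
packets below are constructed; Stefan's actual script is not on the page."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp", "tcp" or "icmp"
    dport: int   # destination port; 0 when the protocol has none


@dataclass
class Rule:
    cmd: str                          # equivalent iptables command, for the reader
    match: Callable[[Packet], bool]   # the rule's match expression
    target: str                       # terminating target: ACCEPT or REJECT
    pkts: int = 0                     # hit counter, like the pkts column of -n -v -L


def first_match(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Netfilter semantics: walk top to bottom and stop at the first match.

    Only the deciding rule's counter is bumped, so the counters reveal which
    rule actually handled each packet."""
    for rule in chain:
        if rule.match(pkt):
            rule.pkts += 1
            return rule.target
    return policy  # the chain policy applies when nothing matched


def last_match(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """The mistaken model the reply describes ("the last rule that matches
    prevails").  Included only for contrast; no netfilter chain works this way."""
    verdict = policy
    for rule in chain:
        if rule.match(pkt):
            verdict = rule.target
    return verdict


def udp_below_1024(p: Packet) -> bool:
    return p.proto == "udp" and p.dport < 1024


def udp_dns(p: Packet) -> bool:
    return p.proto == "udp" and p.dport == 53


def broken_output_chain() -> List[Rule]:
    """Reject first, accept later: the ACCEPT for DNS can never be reached."""
    return [
        Rule("iptables -A OUTPUT -p udp --dport 0:1023 -j REJECT", udp_below_1024, "REJECT"),
        Rule("iptables -A OUTPUT -p udp --dport 53 -j ACCEPT", udp_dns, "ACCEPT"),
    ]


def fixed_output_chain() -> List[Rule]:
    """Accept the specific ports you need first, then reject the rest of the range."""
    return [
        Rule("iptables -A OUTPUT -p udp --dport 53 -j ACCEPT", udp_dns, "ACCEPT"),
        Rule("iptables -A OUTPUT -p udp --dport 0:1023 -j REJECT", udp_below_1024, "REJECT"),
    ]


# Constructed sample traffic: a DNS query, an outbound portmap probe, plain HTTP.
SAMPLE: Dict[str, Packet] = {
    "dns query (udp/53)": Packet("udp", 53),
    "portmap (udp/111)": Packet("udp", 111),
    "http (tcp/80)": Packet("tcp", 80),
}


def verdicts(chain: List[Rule]) -> Dict[str, str]:
    """Run every sample packet through the chain with real first-match semantics."""
    return {name: first_match(chain, pkt) for name, pkt in SAMPLE.items()}


def counters(chain: List[Rule]) -> List[Tuple[int, str]]:
    """What "iptables -n -v -L OUTPUT" would show for this chain after the samples."""
    return [(r.pkts, r.cmd) for r in chain]


if __name__ == "__main__":
    for label, build in (("broken", broken_output_chain), ("fixed", fixed_output_chain)):
        chain = build()
        print(f"== {label} ordering ==")
        for name, verdict in verdicts(chain).items():
            print(f"  {name:22s} -> {verdict}")
        for pkts, cmd in counters(chain):
            print(f"  pkts={pkts:<3d} {cmd}")
    # Under the wrong "last match wins" model the broken ordering would look fine:
    print("last-match model, broken chain, dns ->",
          last_match(broken_output_chain(), SAMPLE["dns query (udp/53)"]))
```

In the broken ordering the REJECT rule's counter climbs on every DNS query while the ACCEPT rule stays at zero, which is exactly the symptom the `-n -v -L` listing exposes. Note that this model covers only the OUTPUT side; a real stateless ruleset also has to let the replies (from source port 53) back in on INPUT, or use a state match such as `-m state --state ESTABLISHED` so replies are accepted before any REJECT rule is consulted.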