
Re: Problems filtering UDP with Netfilter

Stefan Srdic wrote:
> I'm attempting to filter all UDP datagrams under the 1023 port range.
> When I use the script below I cannot ping my ISP's web site or even surf
> the net. Do I have a malformed chain or am I missing an essential
> service?

[I only know ipchains but there is no reason that the behaviour is
different with iptables]
You're missing the essential fact that as soon as a rule matches, all
the following rules are ignored. You're thinking the other way: "the
last rule that matches prevails".

In another thread that you started, "Laurence J. Lane" wrote:
> I can't really follow what you're trying, but that second reject rule
> blocks outgoing traffic. (Use iptables -n -v -L to see the list of
> rules and a count of the packets that each affect.) You probably want to
> accept outbound traffic for specific ports before rejecting any.

> > > Try "#!/bin/sh -x" instead.

BTW, "man sh" explains -x on the second page!
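As an added illustration of the point made in this reply (first matching rule wins), here is a small Python model of how a netfilter chain is traversed. It is not code from the thread or from iptables; the OUTPUT chain, the "REJECT UDP ports 0-1023" and "ACCEPT UDP port 53" rules, and the sample packets are all constructed to show the ordering problem, and the per-rule packet counters mimic the `pkts` column of `iptables -n -v -L` that Laurence suggests checking.

```python
"""Model of netfilter first-match chain traversal (added example, not from the thread)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    """One rule in a chain; a None match field matches anything."""
    target: str                           # ACCEPT / REJECT / DROP
    proto: Optional[str] = None           # "udp", "tcp", "icmp"
    dport: Optional[int] = None           # exact destination port
    dport_range: Optional[tuple] = None   # inclusive (low, high) destination-port range
    pkts: int = 0                         # hit counter, like the pkts column of `iptables -n -v -L`

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.dport_range is not None:
            lo, hi = self.dport_range
            if pkt.get("dport") is None or not lo <= pkt["dport"] <= hi:
                return False
        return True

    def describe(self) -> str:
        m = self.proto or "all"
        if self.dport is not None:
            m += f" dpt:{self.dport}"
        elif self.dport_range is not None:
            m += f" dpts:{self.dport_range[0]}:{self.dport_range[1]}"
        return f"{self.pkts:>5} {self.target:<7} {m}"


@dataclass
class Chain:
    name: str
    policy: str = "ACCEPT"
    rules: list = field(default_factory=list)

    def traverse(self, pkt: dict) -> str:
        """The first matching rule decides; the rules after it are never consulted."""
        for rule in self.rules:
            if rule.matches(pkt):
                rule.pkts += 1
                return rule.target
        return self.policy            # no rule matched: chain policy applies

    def listing(self) -> str:
        """Rough equivalent of `iptables -n -v -L <chain>`."""
        head = f"Chain {self.name} (policy {self.policy})\n pkts target  prot/ports"
        return "\n".join([head] + [r.describe() for r in self.rules])


# Constructed sample outbound traffic (not from the thread): a DNS query,
# a NetBIOS name-service datagram and an HTTP connection.
SAMPLE_PACKETS = {
    "dns":  {"proto": "udp", "dport": 53},
    "nbns": {"proto": "udp", "dport": 137},
    "http": {"proto": "tcp", "dport": 80},
}


def run(chain: Chain) -> dict:
    """Verdict for every sample packet, updating the chain's counters as it goes."""
    return {name: chain.traverse(pkt) for name, pkt in SAMPLE_PACKETS.items()}


def reject_first() -> Chain:
    """Broad REJECT placed before the specific ACCEPT: the ACCEPT is unreachable."""
    return Chain("OUTPUT", rules=[
        Rule("REJECT", proto="udp", dport_range=(0, 1023)),
        Rule("ACCEPT", proto="udp", dport=53),
    ])


def accept_first() -> Chain:
    """Specific ACCEPT placed before the broad REJECT, as Laurence suggests."""
    return Chain("OUTPUT", rules=[
        Rule("ACCEPT", proto="udp", dport=53),
        Rule("REJECT", proto="udp", dport_range=(0, 1023)),
    ])


if __name__ == "__main__":
    for build in (reject_first, accept_first):
        chain = build()
        print(build.__name__, run(chain))
        print(chain.listing(), end="\n\n")
```

Running it prints, for the reject-first chain, a REJECT for the DNS packet with both UDP hits landing on the first rule and a zero counter on the ACCEPT rule; reordering the two rules gives ACCEPT for port 53 while port 137 still hits the REJECT. Reading the counters this way is exactly how to spot which rule is swallowing the traffic on a real box.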
