Hi,

On Mon, Aug 19, 2002 at 04:58:30PM +1000, Lucas Barbuto wrote:
> Just to clear up, I placed the DROP rules above the state ACCEPT rules
> in my firewall script and now it seems to be working. This is
> interesting, I think.
>
> Thanks for your help anyway guys and if you can explain to me why this
> is I'd appreciate it.

This is because in Linux packet filtering the first matching ACCEPT/DROP
rule ends processing of the packet. This is different than other packet
filters (OpenBSD's pf, ipfilter), which continue checking rules and
apply the action that the last matching rule stated.

Ciao, Arne.

--
  ,``o.   OpenBSD - Debian GNU/Linux - Solaris   >o)
 >( ,c@   GPG 1024D/913C2F81 2000-10-11 Arne P. Boettger <apb@createx.de>   /\\
  ',,,'   Fingerprint = 6ED9 9A64 CD8A EB6F D841 0391 2F08 8F86 913C 2F81   _\_V
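The evaluation-order difference described in the reply above, as an added example that is not part of the original thread: a small simulator that runs the same two rules through first-match and last-match evaluation, in both orderings. The rule contents, the names `STATE_ACCEPT` and `DROP_HOST`, and the address `192.0.2.66` are assumptions, since the thread does not show the actual firewall script.

```python
# Added illustration (not from the original thread): first-match vs last-match.
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass
class Packet:
    src: str
    state: str  # connection-tracking state: "NEW", "ESTABLISHED", "RELATED"

@dataclass
class Rule:
    name: str
    matches: Callable[[Packet], bool]
    verdict: str  # "ACCEPT" or "DROP"

def first_match(rules: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, str]:
    """Linux-style: the first matching ACCEPT/DROP rule ends processing."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.verdict, rule.name
    return policy, "policy"

def last_match(rules: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, str]:
    """Last-match model as described in the reply: every rule is checked."""
    decision = (policy, "policy")
    for rule in rules:
        if rule.matches(pkt):
            decision = (rule.verdict, rule.name)
    return decision

# Assumed rule contents: the thread does not show the actual script.
BLOCKED_SRC = "192.0.2.66"  # constructed documentation address
STATE_ACCEPT = Rule("state-accept", lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT")
DROP_HOST = Rule("drop-host", lambda p: p.src == BLOCKED_SRC, "DROP")

ORIGINAL_ORDER = [STATE_ACCEPT, DROP_HOST]  # DROP below the state ACCEPT
REORDERED = [DROP_HOST, STATE_ACCEPT]       # DROP above, as in the fix

def compare(pkt: Packet) -> dict:
    """Verdict for one packet under both orderings and both evaluation models."""
    return {
        "first/original": first_match(ORIGINAL_ORDER, pkt),
        "first/reordered": first_match(REORDERED, pkt),
        "last/original": last_match(ORIGINAL_ORDER, pkt),
        "last/reordered": last_match(REORDERED, pkt),
    }

if __name__ == "__main__":
    # Constructed packet: blocked source on an already-established connection.
    for case, decision in compare(Packet(BLOCKED_SRC, "ESTABLISHED")).items():
        print(f"{case:16} -> {decision}")
```

Under first-match the DROP only takes effect once it sits above the state ACCEPT; under last-match the same reordering would let the state rule decide instead, so rule order has to be reviewed whenever a ruleset is ported between the two models.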