\_ [root@arrakis dsaxena]# ipchains -L
\_ Chain input (policy ACCEPT):
\_ target prot opt source destination ports
\_ DENY tcp ------ anywhere anywhere any ->
\_ 0:1024
\_ ACCEPT tcp ------ anywhere dyn-dsl1-148-phx.bazillion.com
\_ any -> smtp
\_ ACCEPT tcp ------ anywhere dyn-dsl1-148-phx.bazillion.com
\_ any -> nameserver
\_ ACCEPT tcp ------ anywhere dyn-dsl1-148-phx.bazillion.com
\_ any -> www
\_ Chain forward (policy ACCEPT):
\_ target prot opt source destination ports
\_ MASQ all ------ anywhere 192.168.0.0/24 n/a
\_ MASQ all ------ 192.168.0.0/24 anywhere n/a
\_ Chain output (policy ACCEPT):
Is it just me, or should that DENY rule come *after* you tell it what
you want to accept? Either that or set global system INPUT policy to
DENY. If you feed ipchains -nvL, you'll get a long listing including
some amusing things like packet counts matched by the rule, IIRC.
David
(text/plain)