Date: Wed, 02 May 2007 10:43:44 +0200
From: Benno Schulenberg
Subject: Re: [gentoo-user] Useless error messages from iptables-restore
To: gentoo-user@lists.gentoo.org

waltdnes@waltdnes.org wrote:
> The final remaining problem is with the 3 statements scattered
> through the rules...
>
> -A ICMP_IN -p icmp -m state --state NEW -j UNSOLICITED
> -A TCP_IN -p tcp -m state --state NEW -m tcp -j UNSOLICITED
> -A UDP_IN -p udp -m state --state NEW -j UNSOLICITED

The "-m tcp" is a typo, yes?

The setting you might be missing is CONFIG_NF_CONNTRACK_IPV4=y.
Grep through your .config and compare:

# grep ^CONF /usr/src/linux/.config | grep -e _NF -e NETFILTER
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y

Benno
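
Added example, not part of the message above: a script that does the "grep and compare" step automatically, checking a kernel .config against the symbols in the listing and reporting any that are unset or built as modules. The function names and the sample .config are constructed for illustration; reporting =m separately from =y is an assumption of this example.

```shell
#!/bin/sh
# Symbols copied from the grep listing in the message above.
REFERENCE_SYMBOLS="CONFIG_NETFILTER CONFIG_NETFILTER_DEBUG
CONFIG_NF_CONNTRACK_ENABLED CONFIG_NF_CONNTRACK_SUPPORT CONFIG_NF_CONNTRACK
CONFIG_NETFILTER_XTABLES CONFIG_NETFILTER_XT_TARGET_NFLOG
CONFIG_NETFILTER_XT_MATCH_MULTIPORT CONFIG_NETFILTER_XT_MATCH_STATE
CONFIG_NF_CONNTRACK_IPV4 CONFIG_NF_CONNTRACK_PROC_COMPAT
CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_IP_NF_TARGET_LOG
CONFIG_NF_NAT CONFIG_NF_NAT_NEEDED CONFIG_IP_NF_TARGET_MASQUERADE"

# Print y, m or unset for symbol $2 in .config file $1.
# The pattern is anchored on "SYMBOL=", so CONFIG_NF_CONNTRACK does not
# match CONFIG_NF_CONNTRACK_IPV4. A "# CONFIG_X is not set" line and an
# absent symbol both count as unset.
config_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${state:-unset}"
}

# Print "unset SYMBOL" or "module SYMBOL" for every reference symbol that
# is not built in (=y) in file $1. Built-in symbols produce no output.
compare_config() {
    for sym in $REFERENCE_SYMBOLS; do
        case $(config_state "$1" "$sym") in
            unset) printf 'unset %s\n' "$sym" ;;
            m)     printf 'module %s\n' "$sym" ;;
        esac
    done
}

# Constructed sample .config (not from the thread): the reference set with
# CONFIG_NF_CONNTRACK_IPV4 disabled and the state match built as a module.
write_sample_config() {
    for sym in $REFERENCE_SYMBOLS; do
        case $sym in
            CONFIG_NF_CONNTRACK_IPV4) printf '# %s is not set\n' "$sym" ;;
            CONFIG_NETFILTER_XT_MATCH_STATE) printf '%s=m\n' "$sym" ;;
            *) printf '%s=y\n' "$sym" ;;
        esac
    done > "$1"
}

# With a .config path as argument, check that file; otherwise do nothing.
if [ -f "${1:-}" ]; then compare_config "$1"; fi
```

A symbol reported as "module" is available only once the corresponding module is loaded, so it is listed rather than treated as equivalent to =y.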