Hi, I try to use an iptables command in conjunction with SuSEfirewall2 (version 3.6.295 on openSUSE 12.2, kernel-desktop-3.4.47-2.38.1.x86_64). Using it standalone, it works as expected: SuSEfirewall2 stop iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner root -j REDIRECT Running rtmpsuck (2.3) behaves as expected (mostly), it catches flv streams, that you display with your browser, and stores them.. (if not, try to restart rtmpsuck.) If this iptables command is integrated in /etc/sysconfig/scripts/SuSEfirewall2-custom it doesn't work anymore: rtmpsuck doesn't detect any streams. SuSEfirewall2 non-default settings (LAN-client): FW_DEV_INT="eth0 eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_PROTECT_FROM_INT="no" FW_KERNEL_SECURITY="no" FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" The yes and no settings are an attempt to fix the issue in question. I would think, it doesn't matter, from which custom callback this command is executed, but I tried all of them without luck already. What's really strange is, SuSEfirewall2 status shows the relevant entry correctly: ### iptables nat ### Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1935 ! owner UID match 0 and yes, I call rtmpsuck as root (for testing purposes). BTW, I got best results with rtmpsuck version 2.3. Neither Packmans git version, nor a self backed one based on current git "behaved" well. Since version 2.3 isn't easily available for openSUSE, you can fetch it here: https://build.opensuse.org/package/show/home:frispete:tools/rtmpdump Does somebody in the audience have an idea, why this doesn't work together with SuSEfirewall2? Thanks in advance, Pete -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org