On Wednesday 16 January 2002 14:13, Ekki Plicht wrote:
Hi list, as a newbie to Linux I decided to use SuSE personal-firewall for simplicity reasons. Works fine on a T-DSL line with dial-on-demand.
Good decision, and congrats on the setup.
To learn how the fw works I looked at the output of iptables -L. Now, after some days I looked again and found that the "forward" rules get longer and longer. I am not sure, but my guess is that for each dial-up a new line is added.
The line is:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

and on and on, 40 lines at last count.
Does anybody know the reason for this? Has this something to do with how the script for the pers. fw is invoked at each dial-up?
I use a very similar setup, with additional rules added by my ip-up.local script. I've not used the FORWARD rule yet, and haven't got 'masq' enabled, so I've not seen this problem yet. What I'd suggest is you put in a rule on ip-down.local, to empty the FORWARD rule with 'iptables -F FORWARD', or just delete the rule that is added on each dial-up.

Rob
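An idempotent variant of Rob's suggestion, as an added example that is not from the thread or from SuSEfirewall: it adds the TCPMSS clamp only when it is not already in FORWARD, removes only that rule on ip-down (leaving the rest of the chain intact instead of flushing it), and generates the delete commands needed to clean up copies that have already piled up. It assumes an iptables with the -S, -C and -D options; the sample listing is constructed.

```shell
#!/bin/sh
# Added example for ip-up.local / ip-down.local; not code from the thread or SuSEfirewall.
# Assumes an iptables with -S (list rules in command form), -C (check) and -D (delete).
IPTABLES=${IPTABLES:-iptables}
CLAMP_RULE='FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu'

# Count copies of the clamp rule in an 'iptables -S FORWARD' listing read from stdin.
# Prints 0 rather than failing when there are none.
count_clamp_rules() {
    grep -c -- '-j TCPMSS --clamp-mss-to-pmtu' || true
}

# Print the commands that remove all but the first copy of the clamp rule,
# given the same listing on stdin. Each '-D' deletes the first matching rule.
dedupe_commands() {
    n=$(count_clamp_rules)
    while [ "$n" -gt 1 ]; do
        echo "$IPTABLES -D $CLAMP_RULE"
        n=$((n - 1))
    done
}

# ip-up.local: add the clamp rule only if it is not already present (idempotent).
ensure_clamp_rule() {
    "$IPTABLES" -C $CLAMP_RULE 2>/dev/null || "$IPTABLES" -A $CLAMP_RULE
}

# ip-down.local: remove every copy, without flushing the rest of FORWARD.
remove_clamp_rules() {
    while "$IPTABLES" -C $CLAMP_RULE 2>/dev/null; do
        "$IPTABLES" -D $CLAMP_RULE
    done
}

# Constructed sample listing: three copies of the clamp rule, as in the poster's chain.
SAMPLE_LISTING='-P FORWARD ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu'

# Dry run against the sample: prints the two delete commands without touching the kernel.
if [ "${1:-}" = "--demo" ]; then
    echo "$SAMPLE_LISTING" | dedupe_commands
fi
```

On a live box, `iptables -S FORWARD | sh -c '. ./clamp.sh; dedupe_commands'` would print the cleanup commands for review before running them.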