Mailinglist Archive: opensuse-security (757 mails)

pers.firewall- rulechains get longer and longer
  • From: "Ekki Plicht" <ekki@xxxxxxxxx>
  • Date: Wed, 16 Jan 2002 15:13:41 +0100
  • Message-id: <NFBBIDGHALLMMGMLKPPCIEPBCDAA.ekki@xxxxxxxxx>
Hi list,
as a newbie to Linux I decided to use SuSEpersonal-firewall for simplicity
reasons.
Works fine on a T-DSL line with dial-on-demand.

To learn how the fw works I looked at the output of iptables -L.
Now, after some days I looked again and found that the "forward" rules get
longer and longer. I am not sure, but my guess is that for each dial-up a
new line is added.

The line is:
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
and on and on, 40 lines at last count.

Does anybody know the reason for this?
Has this something to do with how the script for the pers. fw is invoked at
each dial-up?

Thanks,
Ekki
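
Added example, not part of the original post: a small shell check that reads `iptables -L` output and reports every rule that appears more than once within a chain, with its count. The function names `dup_rules` and `sample_listing` are hypothetical, and the sample listing is constructed (the FORWARD lines follow the post, the INPUT chain is invented for contrast).

```shell
#!/bin/sh
# Report rules repeated within one chain of `iptables -L` output (stdin).
# Output format: <chain> <count> <rule text with padding collapsed>
dup_rules() {
    awk '
        /^Chain / { chain = $2; next }       # remember the current chain name
        /^target / || NF == 0 { next }       # skip column header and blank lines
        {
            gsub(/[ \t]+/, " ")              # collapse column padding
            sub(/^ /, ""); sub(/ $/, "")     # trim both ends
            key = chain "\t" $0
            if (!(key in seen)) order[++n] = key   # keep first-seen order
            seen[key]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[order[i]] > 1) {
                    split(order[i], p, "\t")
                    printf "%s %d %s\n", p[1], seen[order[i]], p[2]
                }
        }'
}

# Constructed sample input: one unique INPUT rule, three identical FORWARD rules.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
EOF
}

sample_listing | dup_rules
```

On a live system the input would be `iptables -L -n | dup_rules`; a count that rises by one after each dial-up would support the guess in the post.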

