Hello! Adott a kovetkezo iptables konfig: *tproxy :PREROUTING ACCEPT :OUTPUT ACCEPT :PRintra - -A PREROUTING -i GOODIF -j PRintra COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :spoof - :noise - :icmpk - :tproxy - :LOintra - :LOinter - :DROPINVALID - -A INPUT -i lo -j ACCEPT -A INPUT -j spoof -A INPUT -j noise -A INPUT -p icmp -j icmpk -A INPUT -m tproxy -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -m state --state INVALID -j DROPINVALID -A INPUT -m state --state NEW -p tcp ! --syn -j DROPINVALID -A INPUT -i GOODIF -j LOintra -A INPUT -i BADIF -j LOinter -A INPUT -j LOG --log-prefix "INPUT DROP: " -A INPUT -j DROP -A FORWARD -j LOG --log-prefix "FORWARD DROP: " -A FORWARD -j DROP -A spoof -j RETURN -A noise -j RETURN -A icmpk -p icmp --icmp-type echo-request -j ACCEPT -A icmpk -p icmp --icmp-type echo-reply -j ACCEPT -A icmpk -j LOG --log-prefix "Icmpk DROP: " -A icmpk -j DROP -A LOintra -j LOG --log-prefix "LOintra DROP: " -A LOintra -j DROP -A LOinter -j LOG --log-prefix "LOinter DROP: " -A LOinter -j DROP -A DROPINVALID -j LOG --log-prefix "INVALID packet: " -A DROPINVALID -j DROP COMMIT Miert nem tudom megpingetni (egyik labrol sem) a gepet? A belso labarol pingetve a "LOintra DROP: " szoveg kerul a syslog-ba... Az az erdekes, hogy a spoof es a noise chain-be belemennek a csomagok, de az icmpk nevube nem. Mit nem veszek eszre? -- Udvozlettel Zsiga