Neil Aggarwal wrote:
> Fabian:
>
> I rebooted the machine to see what would happen.
> It went back to not accepting the connections again.
>
> If I turn off the firewall, everything works fine.
>
> I believe there is something flaky in the iptables
> implementation of CentOS 4.4 from what I am seeing.
>
> Any ideas?
>

I often write my rules as chains that end in a -j LOG --prefix "chainX" then a -j REJECT, and this helps identify where my traffic is failing. I can then later switch off the logging and turn the rejecting to dropping. Below is a particularly lean example, but it shows a method by which you can get detailed feedback on how your chains match certain packets that you pass to them.

#!/bin/bash
# Terminal verdict for anything no rule accepted: REJECT while
# debugging (the client sees an error immediately), DROP once the
# ruleset is known to be good.
#fail=DROP
fail=REJECT
# Set to 0 to leave the LOG rules out entirely.
log=1
...
# Log everything entering INPUT so the trace starts at the top.
[ $log -eq 1 ] && iptables -A INPUT -j LOG --log-prefix 'start:'
# One chain per service: on a match it RETURNs to INPUT, anything
# else falls to the LOG rule, whose prefix names the chain.
iptables -N my0ssh
iptables -A my0ssh -p tcp -m tcp -m state --state NEW -j RETURN
[ $log -eq 1 ] && iptables -A my0ssh -j LOG --log-prefix 'my0ssh no match'
...
iptables -A INPUT -j my0ssh
# Whatever reaches the end of INPUT is logged, then handed to $fail.
[ $log -eq 1 ] && iptables -A INPUT -j LOG --log-prefix 'fall-thru-failure:'
iptables -A INPUT -j $fail
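As an added example, and not the poster's script or anything from the original thread: the same LOG-then-REJECT chain pattern wrapped in a few shell functions, so that the logging and the final verdict are toggled from the environment and the generated rules can be read before they are loaded. The chain name my0ssh is taken from the post; the APPLY, LOG, FAIL and IPTABLES variables, the ipt, logrule and build_chain functions, and the port-22 match are assumptions of this example.

```bash
#!/bin/bash
# Added example of the LOG-then-REJECT chain pattern; not the poster's
# script. Variable and function names are illustrative assumptions.
#
#   ./chains.sh                      # print the rules, touch nothing
#   sudo APPLY=1 ./chains.sh         # load them while debugging
#   sudo APPLY=1 LOG=0 FAIL=DROP ./chains.sh   # quiet, drop instead of reject

: "${APPLY:=0}"        # 1 = run iptables; anything else just prints the commands
: "${LOG:=1}"          # 1 = add a LOG rule before every terminal verdict
: "${FAIL:=REJECT}"    # REJECT while debugging, DROP once the ruleset is trusted
: "${IPTABLES:=iptables}"

# ipt: run one iptables invocation, or print it when not applying.
ipt() {
    if [ "$APPLY" = 1 ]; then
        "$IPTABLES" "$@"
    else
        printf '%s %s\n' "$IPTABLES" "$*"
    fi
}

# logrule CHAIN PREFIX: append a LOG rule to CHAIN only when logging is
# on. The kernel truncates --log-prefix at 29 characters, so keep the
# prefix short; the chain name is the most useful thing to put in it.
logrule() {
    [ "$LOG" = 1 ] && ipt -A "$1" -j LOG --log-prefix "$2"
    return 0
}

# build_chain NAME MATCH...: create a user chain that ACCEPTs packets
# matching MATCH..., logs everything else with the chain name as prefix,
# and hands the rest to $FAIL. A line tagged "my0ssh no match:" in
# syslog then says exactly which chain refused the packet.
# (Rerunning with APPLY=1 needs `iptables -X NAME` first.)
build_chain() {
    name=$1; shift
    ipt -N "$name"
    ipt -A "$name" "$@" -j ACCEPT
    logrule "$name" "$name no match:"
    ipt -A "$name" -j "$FAIL"
}

# main: a minimal INPUT chain built from the pieces above.
main() {
    ipt -F INPUT
    ipt -P INPUT DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    logrule INPUT 'start:'
    build_chain my0ssh -p tcp --dport 22 -m state --state NEW
    ipt -A INPUT -p tcp --dport 22 -j my0ssh
    logrule INPUT 'fall-thru-failure:'
    ipt -A INPUT -j "$FAIL"
}

main
```

Run it once without APPLY and diff the printed rules against what you meant to write; the debugging session is then `tail -f /var/log/messages | grep 'no match:'` while connecting, and when the trace is clean the same script is rerun with LOG=0 FAIL=DROP.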