Hi, On Fri, Dec 12, 2008 at 18:28, Art Age Software <artagesw at gmail.com> wrote: > IPTABLES -A INPUT -i bond0 -p tcp -m tcp -s 192.168.1.0/24 -d > 192.168.1.0/24 --dport 11211 -m state --state NEW -j ACCEPT > > s1 kernel: DROP -- Catch All: IN=bond0 OUT= SRC=192.168.1.2 > DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=6467 DF PROTO=TCP > SPT=51837 DPT=11211 WINDOW=202 RES=0x00 ACK FIN URGP=0 To use stateful rules, you must have rules for state ESTABLISHED too, otherwise it will only allow the first packet and not the all others. The first rule should always be: iptables -A ... -i bond0 -m state --state ESTABLISHED,RELATED -j ACCEPT That's the point of stateful rules, you match the rules further down for new connections, but existing connections will always match the first rule. You should google for "iptables stateful" and try to get a better explanation of what it is and how it works. HTH, Filipe