Submitted by ptinsley on Sat, 01/03/2009 - 18:49
This is a pretty quick post but I wanted to throw it out here as it might help somebody. When you start getting into several tables and a large rule base it can get to be a bit difficult to figure out what rule blocked a packet that shouldn't have gotten through.
Instead of:
IN=eth1 OUT=tun0 SRC=10.2.1.2 DST=10.3.1.6 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=16679 PROTO=ICMP TYPE=0 CODE=0 ID=29120 SEQ=4
