Try using this instead for your first rule:
iptables -A <chain-name> -p udp -m udp --sport 6277 -j ACCEPT
Also, temporarily delete the acctout rule first and see if that helps.
Paul
----- Original Message -----
From: "Arthur Sherman" <arturs (at mark) netvision.net.il>
To: <coba-e (at mark) bluequartz.org>
Cc: <leigh (at mark) codacommerce.com>
Sent: Wednesday, June 14, 2006 5:10 PM
Subject: [coba-e:05724] Please help with iptables
> Hi Leigh and others,
>
> I am trying to set up a rule in iptables (using Leigh's firewall module) to
> allow DCC to connect to servers.
>
> Following is a snip from /usr/bin/iptables.sh:
>
> ---these lines shouldn't wrap!---
> echo "Adding DCC support"
> iptables -A acctin -p udp -m udp --sport 6277 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
> iptables -A acctout -p udp -m udp --sport 1024:65535 --dport 6277 -m state --state NEW,ESTABLISHED -j ACCEPT
> #
> # Finally, unless it's mentioned above, and it's an inbound startup request,
> # just drop it.
> #
> iptables -A acctin -i lo -j ACCEPT
> iptables -A acctout -o lo -j ACCEPT
> iptables -A acctin -t filter -p tcp --dport :1023 --syn -j DROP
> iptables -A acctin -t filter -j DROP
> ---end---
>
> Nevertheless, 'cdcc info' says 'no answering servers...'
>
> Now, when I check /etc/sysconfig/iptables, I see that the rules come AFTER
> the drop rule.
>
> Why?? Could anyone point me to the mistake?
>
>
>
> Best,
>
> --
> Arthur Sherman
>
> +972-52-4878851
> CPTeam
>
>
>
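
The symptom described in the original message, rules that end up after the catch-all DROP in the saved ruleset, can be checked mechanically, because iptables evaluates a chain top to bottom and -A appends to the end. The following is an added example, not part of either message or of Leigh's firewall module: it reads iptables-save format and lists every rule that sits behind an unconditional terminal rule in the same chain. The sample ruleset is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not the poster's actual file):
# the DCC rule was appended to acctin after the catch-all DROP.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:acctin - [0:0]
:acctout - [0:0]
-A INPUT -j acctin
-A acctin -i lo -j ACCEPT
-A acctin -p tcp -m tcp --dport 0:1023 --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A acctin -j DROP
-A acctin -p udp -m udp --sport 6277 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A acctout -o lo -j ACCEPT
-A acctout -p udp -m udp --sport 1024:65535 --dport 6277 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Hypothetical helper: reads iptables-save text on stdin and prints
# "table/chain:position:rule" for every rule that can never be reached because
# an earlier rule in the same chain has no match conditions and a terminal
# target (the rule starts "-A <chain> -j DROP|REJECT|ACCEPT").
find_shadowed_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }          # "*filter" starts a table
        $1 == "-A" {
            key = table "/" $2
            pos[key]++
            if (key in closed) {
                print key ":" pos[key] ":" $0
            } else if ($3 == "-j" && $4 ~ /^(DROP|REJECT|ACCEPT)$/) {
                closed[key] = 1
            }
        }
    '
}

# Demo on the constructed sample; on a live host feed it iptables-save
# output or the saved /etc/sysconfig/iptables file instead.
sample_ruleset | find_shadowed_rules
```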