From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.1) Gecko/20010607 Netscape6/6.1b1

Description of problem:
iptables ignores pop3 and smtp port settings on --dport

How reproducible:
Always

Steps to Reproduce:
/sbin/iptables -A FORWARD -o eth1 -p tcp -s pat.foo.com -d $MAIL_SRV --destination-port pop3 -j LOG
/sbin/iptables -A FORWARD -o eth1 -p tcp -s pat.foo.com -d $MAIL_SRV --destination-port pop3 -j REJECT
/sbin/iptables -A FORWARD -o eth1 -p tcp -s pat.foo.com -d $MAIL_SRV --destination-port smtp -j LOG
/sbin/iptables -A FORWARD -o eth1 -p tcp -s pat.foo.com -d $MAIL_SRV --destination-port smtp -j REJECT

Actual Results:
Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        tcp  --  Pat.foo.com          anywhere           tcp dpt:pop3 LOG level warning
REJECT     tcp  --  Pat.foo.com          anywhere           tcp dpt:pop3 reject-with icmp-port-unreachable
LOG        tcp  --  Pat.foo.com          anywhere           tcp dpt:smtp LOG level warning
REJECT     tcp  --  Pat.foo.com          anywhere           tcp dpt:smtp reject-with icmp-port-unreachable

Expected Results:
The destination should be the IP address for $MAIL_SRV, not "anywhere". Actual test with live packets confirmed the "anywhere" problem. No pop3 or smtp traffic was allowed out of Pat.foo.com to anywhere.

Additional info:
Reproducing this may require the entire firewall. Please email me if it is required and I will send it to you.

Can't reproduce this in 1.2.2-3