I think you mean -P OUTPUT (or whatever) DROP (this has to be a built-in target). If you do want to append a blank rule to be a sudo policy, then I say go with the first as it's more flexible. Keep in mind that any other appended (-A) rule will not be called.
I put up a script that helps sort through all this -A and -I trash.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192235

--- Bjoern Schmidt <[EMAIL PROTECTED]> wrote:
> Do I really need the last three iptables calls? I think
> they do the same as the first five calls and could be removed,
> but I am not sure...
>
>
> finish_rules()
> {
>         iptables -N CATCH-ALL
>         iptables -A OUTPUT -j CATCH-ALL
>         iptables -A INPUT -j CATCH-ALL
>         iptables -A FORWARD -j CATCH-ALL
>         iptables -A CATCH-ALL -j DROP
>
>         iptables -A INPUT -j DROP
>         iptables -A OUTPUT -j DROP
>         iptables -A FORWARD -j DROP
> }
>
> --
> Greetings
> Bjoern Schmidt
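
The question in this thread (which appended rules are ever reached) can be checked mechanically. The following is an added example, not part of either message and not the script linked above: it reads rules in `iptables -S` form and reports every rule that sits behind an unconditional jump that never returns. The function names `find_dead_rules` and `sample_rules` are hypothetical, and the sample input is the quoted `finish_rules()` rewritten as `-S` lines.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -S` style rules on
# stdin and prints each rule that can never be reached.
# Assumptions: DROP/ACCEPT/REJECT end traversal; -g (goto) is not modelled.
find_dead_rules() {
    awk '
    BEGIN { term["DROP"] = 1; term["ACCEPT"] = 1; term["REJECT"] = 1 }
    $1 == "-A" {
        n++; chain[n] = $2; text[n] = $0
        # Unconditional rule: "-A CHAIN -j TARGET" with no match options.
        jump[n] = ($3 == "-j") ? $4 : ""
        # An earlier RETURN lets some packets leave the chain before this rule.
        escaped[n] = ($2 in hasret)
        for (i = 3; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "RETURN") hasret[$2] = 1
    }
    END {
        # Fixpoint: a chain never returns if it jumps unconditionally to a
        # terminal target (or to another such chain) before any RETURN.
        do {
            changed = 0
            for (i = 1; i <= n; i++)
                if ((jump[i] in term) && !escaped[i] && !(chain[i] in term)) {
                    term[chain[i]] = 1; changed = 1
                }
        } while (changed)
        # Within one chain, every rule after such a jump is unreachable.
        for (i = 1; i <= n; i++) {
            if (chain[i] in cut)
                print "dead: " text[i] "   (shadowed by: " cut[chain[i]] ")"
            else if (jump[i] in term)
                cut[chain[i]] = text[i]
        }
    }'
}

# finish_rules() from the quoted message, rewritten as `iptables -S` lines.
sample_rules() {
    cat <<'EOF'
-N CATCH-ALL
-A OUTPUT -j CATCH-ALL
-A INPUT -j CATCH-ALL
-A FORWARD -j CATCH-ALL
-A CATCH-ALL -j DROP
-A INPUT -j DROP
-A OUTPUT -j DROP
-A FORWARD -j DROP
EOF
}

sample_rules | find_dead_rules
```

On a live host the input would come from `iptables -S`; a conditional `-j RETURN` ahead of the final DROP in CATCH-ALL would make the last three rules reachable again, and the check accounts for that.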

