Richard Verwayen wrote:
Hello Bjoern,

Hello Richard,


you are right! There is no need for them!

I removed the last three lines. Since then the kernel has used the INPUT chain policy two times to drop packets:


iptables -vL

Chain INPUT (policy DROP 2 packets, 316 bytes)
 pkts bytes target     prot opt in     out     source               destination
 223K   39M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 1134 58488 LAN        all  --  eth0   any     anywhere             anywhere             state NEW
   45  2714 LOOPBACK   all  --  lo     any     anywhere             anywhere
    0     0 DSL_IN     tcp  --  ppp0   any     anywhere             anywhere             state NEW tcp dpt:ssh
    0     0 DSL_IN     tcp  --  ppp0   any     anywhere             anywhere             state NEW tcp dpt:auth
   78  4902 SHRED      all  --  any    any     anywhere             anywhere


The last rule in this chain is:

finish_rules()
{
        iptables -N SHRED
        iptables -A INPUT   -j SHRED
        iptables -A SHRED   -j ULOG
        iptables -A SHRED   -j DROP
}

This rule should match on all packets so that the chain
policy will never be used, but it does not work correctly.
Where is the mistake?


-- Greetings Bjoern Schmidt
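
Packets dropped by the chain policy never reach the ULOG rule in SHRED, so a non-zero policy counter means drops that were not logged. The following is an added example, not part of the original post: a small parser for `iptables -vL` output that reports the policy counter next to the catch-all rule's counter. The function names `count`, `audit` and `unlogged_policy_drops` are hypothetical, and the sample listing is copied from the post.

```python
import re

# Listing copied from the post above (fields are whitespace-separated).
SAMPLE = """\
Chain INPUT (policy DROP 2 packets, 316 bytes)
pkts bytes target prot opt in out source destination
223K 39M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
1134 58488 LAN all -- eth0 any anywhere anywhere state NEW
45 2714 LOOPBACK all -- lo any anywhere anywhere
0 0 DSL_IN tcp -- ppp0 any anywhere anywhere state NEW tcp dpt:ssh
0 0 DSL_IN tcp -- ppp0 any anywhere anywhere state NEW tcp dpt:auth
78 4902 SHRED all -- any any anywhere anywhere
"""

# iptables abbreviates large counters in powers of 1000 (values are rounded).
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3, "T": 1000**4}
HEADER = re.compile(r"Chain (\S+) \(policy (\S+) (\S+) packets, (\S+) bytes\)")

def count(text):
    """Expand an abbreviated counter, e.g. 223K -> 223000."""
    return int(text[:-1]) * UNITS[text[-1]] if text[-1] in UNITS else int(text)

def audit(listing):
    """Return one summary dict per built-in chain in an `iptables -vL` listing."""
    chains, cur = [], None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"chain": m[1], "policy": m[2], "policy_pkts": count(m[3]),
                   "catch_all": None, "catch_all_pkts": 0}
            chains.append(cur)
            continue
        if line.startswith("Chain "):   # user-defined chain: it has no policy
            cur = None
            continue
        f = line.split()
        if cur is None or len(f) < 9 or f[0] == "pkts":
            continue
        # Catch-all rule: any protocol, interface and address, no match extension.
        if f[3:] == ["all", "--", "any", "any", "anywhere", "anywhere"]:
            cur["catch_all"], cur["catch_all_pkts"] = f[2], count(f[0])
    return chains

def unlogged_policy_drops(chains):
    """Chains whose DROP policy counted packets that skipped every rule."""
    return [c for c in chains if c["policy"] == "DROP" and c["policy_pkts"] > 0]

if __name__ == "__main__":
    for c in unlogged_policy_drops(audit(SAMPLE)):
        print(f'{c["chain"]}: {c["policy_pkts"]} packets dropped by policy, '
              f'{c["catch_all_pkts"]} by catch-all rule {c["catch_all"]}')
```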
