----- Original Message -----
From: "gabriel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 01, 2003 2:57 PM
Subject: Re: [gentoo-user] iptables help

> NO! that will pretty much negate the use of a firewall altogether! where
> are you dropping/rejecting packets? basically your script says this:
>
> accept everything incoming
> accept everything outgoing
> accept everything forwarding
> forward all traffic from ppp0 to eth0
> nat your internal lan to eth0
> accept all established or related packets
> accept all incoming packets from the internal lan
> accept all incoming connections from any ip, on any interface on ports 22, 25,
> and 80.
> drop everything else that's incoming.

No, changing the policy changes the DEFAULT behaviour for that chain. It's not part of the normal rule order for the chain. Do iptables -L INPUT, you'll see that the policy is listed at the top, not in the normal sequence of rules. Any chain can only have 1 policy so once you change it, it overrides the earlier setting.

--
[EMAIL PROTECTED] mailing list
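
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified Python model that replays a script of `iptables` commands and shows that `-P` fills a single per-chain slot (last write wins) consulted only when no rule matches. The script text is constructed from the quoted summary, the internal interface name `eth1` is an assumption, and the functions `load` and `verdict` are hypothetical helpers, not part of iptables.

```python
import shlex

# Constructed script in the shape the thread describes: permissive policies
# first, specific accepts, then a final policy change. "eth1" is an assumed
# name for the internal LAN interface.
SCRIPT = """
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
"""

def load(script):
    """Replay commands into {chain: {"policy": str, "rules": [options]}}."""
    chains = {}
    for line in script.strip().splitlines():
        args = shlex.split(line)[1:]  # drop the leading "iptables"
        chain = chains.setdefault(args[1], {"policy": "ACCEPT", "rules": []})
        if args[0] == "-P":    # policy: one slot per chain, last write wins
            chain["policy"] = args[2]
        elif args[0] == "-A":  # rule: appended to the ordered rule list
            chain["rules"].append(dict(zip(args[2::2], args[3::2])))
    return chains

def verdict(chains, chain, pkt):
    """First matching rule decides; the policy applies only if none matches."""
    c = chains[chain]
    for r in c["rules"]:
        if "-i" in r and r["-i"] != pkt.get("iface"): continue
        if "-p" in r and r["-p"] != pkt.get("proto"): continue
        if "--dport" in r and r["--dport"] != str(pkt.get("dport")): continue
        if "--state" in r and pkt.get("state") not in r["--state"].split(","): continue
        return r["-j"], "rule"
    return c["policy"], "policy"

CHAINS = load(SCRIPT)

if __name__ == "__main__":
    for port in (22, 23):
        pkt = {"iface": "ppp0", "proto": "tcp", "dport": port, "state": "NEW"}
        print(port, verdict(CHAINS, "INPUT", pkt))
```
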