Daniel Waeber wrote:
> I was looking for a way to set the default rule for the INPUT
> chain to DROP. I do not want to change the rule with iptables -P
> INPUT DROP after loading the kernel, I want that the
> kernel/modules automatically DROPS everything after it has been
> loaded.
> You can do this with the FORWARD chain with the parameter
> forward=0, but nothing is implemented for the INPUT chain as far
> as I know. I looked inside the kernel source of the modules, and
> hey, it is easy to change. I recompiled the module, reloaded it.
> Perfect, now I have default DROP.
> But as it is so easy to edit, why is there no option in the
> kernel or a parameter for the module?

Make a patch that adds this parameter, allowing one to set the 
default policy for the input chain (and output chain too), and 
submit it to the kernel list.  Or show it here first.  I'd be 
interested.

(By the way, please do not reply to another message when starting a 
new topic.)

Benno
-- 
[email protected] mailing list
