Hi,
According to a how-to I read (http://www.boingworld.com/workshops/linux/iptables-tutorial/iptables-tutorial.html#TRAVERSING_OF_TABLES) I should not filter in PREROUTING. Does this mean my default policy should be accept and write no rules in prerouting except to do dnat? Or should I set my policy to drop and write rules to allow traffic... and if I do this, say...

/sbin/iptables -t nat -A PREROUTING -s 0/0 -d $inet_ip -p tcp \
    --dport 22 -j ACCEPT

(could I jump traffic from the nat table to a user defined chain in the filter table?)

will this skip my filter rules input, and if not... why should I not write filter rules in prerouting? It seems to me a lot of rules and chains could be avoided by writing filter rules in prerouting.

Thanks,
jd
