Hello,

Is there any distinction made between PREROUTING and POSTROUTING for the
drop policy?

Try this.
        "$IPTABLES" -t nat -P PREROUTING DROP
        "$IPTABLES" -t nat -P POSTROUTING DROP

It *DOES* work and it's highly effective.

Ed


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Christian Seberino
Sent: Monday, June 24, 2002 2:45 PM
To: [EMAIL PROTECTED]
Subject: Default DROP policy for mangle and nat in iptables
necessary/wise?

Linux Firewalls book assigns a default drop policy
to mangle and nat tables.

I could not get DROP policy to work on these
tables and I am skeptical this serves any useful
purpose anyway since packets must all traverse
filter table anyway.

Is the author of Linux Firewalls on drugs or is
this really useful somehow?? (assuming you can
get it to work)

Chris

-- 
_______________________________________

Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2363
53560 Hull Street
San Diego, CA 92152-5001
U.S.A.

Phone: (619) 553-7940
Fax:   (619) 553-2836
Email: [EMAIL PROTECTED]
_______________________________________
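
Added example, not part of either message above: one way to check which default policy each built-in chain of each table actually carries after running commands like the ones in the reply, by parsing `iptables-save` output. The ruleset below is a constructed sample, and the function names (`sample_ruleset`, `chain_policies`, `drop_chains`) are this example's own.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the thread).
sample_ruleset() {
cat <<'EOF'
# constructed sample ruleset
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print "table chain policy"
# for every built-in chain. User-defined chains carry "-" in the
# policy field and are skipped, since they have no policy.
chain_policies() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # "*nat" starts a table
        /^:/  { chain = substr($1, 2)           # ":CHAIN POLICY [pkts:bytes]"
                if ($2 != "-") print table, chain, $2 }
    '
}

# Read iptables-save text on stdin and print the chains of table $1
# whose default policy is DROP.
drop_chains() {
    chain_policies | awk -v t="$1" '$1 == t && $3 == "DROP" { print $2 }'
}

# On a live host (as root) the input would be: iptables-save | chain_policies
sample_ruleset | chain_policies
```
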

