Ed

I don't have any "-t mangle" rules. Do you agree that if I make default DROP policy for mangle table that nothing will get thru???

The reason you can do:

> "$IPTABLES" -t nat -P PREROUTING DROP
> "$IPTABLES" -t nat -P POSTROUTING DROP

is because you have NAT rules that can get thru right?

Chris

>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Christian Seberino
> Sent: Monday, June 24, 2002 2:45 PM
> To: [EMAIL PROTECTED]
> Subject: Default DROP policy for mangle and nat in iptables
> necessary/wise?
>
> Linux Firewalls book assigns a default drop policy
> to mangle and nat tables.
>
> I could not get DROP policy to work on these
> tables and I am skeptical this serves any useful
> purpose anyway since packets must all traverse
> filter table anyway.
>
> Is the author of Linux Firewalls on drugs or is
> this really useful somehow?? (assuming you can
> get it to work)
>
> Chris
>
> --
> _______________________________________
>
> Dr. Christian Seberino
> SPAWAR Systems Center San Diego
> Code 2363
> 53560 Hull Street
> San Diego, CA 92152-5001
> U.S.A.
>
> Phone: (619) 553-7940
> Fax: (619) 553-2836
> Email: [EMAIL PROTECTED]
> _______________________________________
>

--
_______________________________________

Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2363
53560 Hull Street
San Diego, CA 92152-5001
U.S.A.

Phone: (619) 553-7940
Fax: (619) 553-2836
Email: [EMAIL PROTECTED]
_______________________________________
