> I don't have any "-t mangle" rules. Do you agree > that if I make default DROP policy for mangle table > that nothing will get thru???
Sounds logical. > > The reason you can do: > > > "$IPTABLES" -t nat -P PREROUTING DROP > > "$IPTABLES" -t nat -P POSTROUTING DROP > > is because you have NAT rules that can get thru right? Yes. > Chris
