Hi,

> The above worked fine if I have the "FORWARD" to be open to ACCEPT
> ie: $IPTABLES -P FORWARD ACCEPT
>
> Of course, I don't want the default to be open to "ACCEPT", is there any way to
> avoid this please ?
Without thinking about your exact setup, here is some general advice: in a case like the one you have on your hands, when you see that a chain default policy is necessary for something to work, you can immediately guess that you are missing a necessary rule within the chain itself.

Now what can you do to find out what kind of rule you need? Easy: use the LOG target at the end of the chain, and you will see in your syslog (/var/log/messages, most likely) the address information of the packets which fall off the end of your chain.

Hope this helps,
Patrick
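A worked version of Patrick's suggestion, added here and not code from the thread: it prints the closed FORWARD policy with a rate-limited LOG rule at the end of the chain, then turns a constructed syslog line written by that LOG rule into the explicit ACCEPT rule the chain was missing. The iptables path, the `FWD-DROP:` prefix and the sample log lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Path and log prefix are assumptions.
IPTABLES=${IPTABLES:-/sbin/iptables}

# Closed default policy; anything that reaches the end of the chain is
# logged (rate-limited so a flood cannot fill /var/log/messages).
forward_chain_rules() {
    cat <<EOF
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Turn one kernel LOG line from syslog into the narrowest ACCEPT rule that
# would have matched it. Widen -s/-d to subnets once you see the pattern.
suggest_rule_from_log() {
    printf '%s\n' "$1" | awk -v ipt="$IPTABLES" '
    {
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "IN")    inif = kv[2]
            if (kv[1] == "OUT")   outif = kv[2]
            if (kv[1] == "SRC")   src = kv[2]
            if (kv[1] == "DST")   dst = kv[2]
            if (kv[1] == "PROTO") proto = tolower(kv[2])
            if (kv[1] == "DPT")   dpt = kv[2]
        }
        cmd = ipt " -A FORWARD -i " inif " -o " outif " -s " src " -d " dst " -p " proto
        if (dpt != "") cmd = cmd " --dport " dpt   # ICMP lines carry no DPT
        print cmd " -j ACCEPT"
    }'
}

# Constructed sample in the format the LOG target writes to syslog.
SAMPLE='Mar  3 10:15:02 fw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12345 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

forward_chain_rules
suggest_rule_from_log "$SAMPLE"
```

Run it once to see the suggested rule, then add that rule (or a widened form of it) above the LOG rule and watch the log go quiet for that traffic.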
