On Monday 08 July 2002 5:32 pm, Jan Humme wrote:

> What is the reason that iptables does not support default policies on
> user-chains?

I suppose it's partly because there's not a lot of point (that I can see). You can only call a user-defined chain from one of the built-in chains (or from another user-defined chain, which has to be called from a built-in chain, etc...) therefore ultimately it's the default policy of the built-in chain which determines what happens to a packet if none of the rules match.

> It seems like such a natural extension, and easy to implement. Or not? Is
> there perhaps a catch that I am overlooking?

It's easy enough to put a DROP, or ACCEPT, or whatever, as the last rule in your user-defined chain, thereby catching any packets which haven't already matched.....

Antony.
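The traversal behaviour discussed in this message, as an added example that is not part of the original post: a simplified Python model of how an unmatched packet leaves a user-defined chain and ends up at the built-in chain's policy, and how a final catch-all rule changes that. The chain name `services`, the rules and the sample packets are constructed for illustration.

```python
# Simplified model of iptables filter-table traversal (added illustration,
# not kernel code). Chain names, rules and packets below are constructed.
TERMINAL = {"ACCEPT", "DROP"}

def traverse(chains, policies, chain, pkt, trace):
    """Walk `chain`; return a verdict, or None when the chain falls through."""
    for match, target in chains[chain]:
        if not match(pkt):
            continue
        trace.append(f"{chain}:{target}")
        if target in TERMINAL:
            return target
        if target == "RETURN":
            break  # stop walking this chain; handled like reaching its end
        # Jump to a user-defined chain; resume at the next rule if it falls through.
        verdict_ = traverse(chains, policies, target, pkt, trace)
        if verdict_ is not None:
            return verdict_
    # Only built-in chains have a policy; a user chain just returns to its caller.
    if chain in policies:
        trace.append(f"{chain}:policy {policies[chain]}")
        return policies[chain]
    return None

def verdict(chains, policies, pkt):
    """Return (verdict, trace) for a packet entering the built-in INPUT chain."""
    trace = []
    return traverse(chains, policies, "INPUT", pkt, trace), trace

def is_tcp(port):
    return lambda p: p["proto"] == "tcp" and p["dport"] == port

def build(with_catch_all):
    """Ruleset with a hypothetical user chain `services` called from INPUT."""
    svc = [(is_tcp(22), "ACCEPT"), (is_tcp(443), "ACCEPT")]
    if with_catch_all:
        svc.append((lambda p: True, "DROP"))  # last rule acts as the chain's "policy"
    chains = {
        "INPUT": [(lambda p: p["proto"] == "tcp", "services")],
        "services": svc,
    }
    return chains, {"INPUT": "ACCEPT"}  # permissive built-in policy

if __name__ == "__main__":
    telnet = {"proto": "tcp", "dport": 23}  # constructed packet, matches no service rule
    for flag in (False, True):
        print("catch-all:", flag, verdict(*build(flag), telnet))
```

Without the catch-all rule the unmatched packet is accepted by the INPUT policy; with it, the packet is dropped inside `services` and never reaches the policy.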
