You could put a RETURN at the end too, couldn't you, so it'll return back to the chain it came from and then end up with the original chain's DEFAULT policy... no?
thanks,

George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au

-----Original Message-----
From: Antony Stone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 09 July 2002 2:57 AM
To: [EMAIL PROTECTED]
Subject: Re: Why are default policies not possible for user-defined chains?

On Monday 08 July 2002 5:32 pm, Jan Humme wrote:

> What is the reason that iptables does not support default policies on
> user-chains?

I suppose it's partly because there's not a lot of point (that I can see). You can only call a user-defined chain from one of the built-in chains (or from another user-defined chain, which has to be called from a built-in chain, etc...) therefore ultimately it's the default policy of the built-in chain which determines what happens to a packet if none of the rules match.

> It seems like such a natural extension, and easy to implement. Or not? Is
> there perhaps a catch that I am overlooking?

It's easy enough to put a DROP, or ACCEPT, or whatever, as the last rule in your user-defined chain, thereby catching any packets which haven't already matched.....

Antony.
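
Added example, not part of the original thread: a small Python model of the traversal behaviour discussed above, comparing a user-defined chain that simply ends, one that ends in RETURN, and one that ends in a catch-all DROP. The chain name SVC, the ports and the packets are constructed for illustration, and the model covers only ACCEPT, DROP, RETURN and jumps.

```python
# Added illustration: a toy model of iptables chain traversal, not iptables code.
# A rule is (match_fn, target); target is ACCEPT, DROP, RETURN or a chain name.
TERMINAL = {"ACCEPT", "DROP"}

def traverse(chains, policies, builtin, packet):
    """Verdict for `packet` entering the built-in chain `builtin`."""
    def walk(name):
        for match, target in chains[name]:
            if not match(packet):
                continue
            if target in TERMINAL:
                return target
            if target == "RETURN":
                return None              # hand the packet back to the caller
            verdict = walk(target)       # jump into a user-defined chain
            if verdict is not None:
                return verdict
            # callee returned or ran out of rules: carry on with our next rule
        return None                      # fell off the end of the chain
    verdict = walk(builtin)
    # Only a built-in chain has a policy, applied when nothing decided.
    return verdict if verdict is not None else policies[builtin]

def port(n):
    return lambda pkt: pkt["dport"] == n

def anything(pkt):
    return True

def ruleset(last_rule=None):
    """Constructed rules: INPUT jumps to hypothetical chain SVC, then allows 80."""
    svc = [(port(22), "ACCEPT")]
    if last_rule:
        svc.append((anything, last_rule))   # e.g. iptables -A SVC -j DROP
    return {"INPUT": [(anything, "SVC"), (port(80), "ACCEPT")], "SVC": svc}

def verdicts(last_rule, policy):
    """Verdicts for constructed packets to ports 22, 80 and 25."""
    chains, policies = ruleset(last_rule), {"INPUT": policy}
    return [traverse(chains, policies, "INPUT", {"dport": p}) for p in (22, 80, 25)]

if __name__ == "__main__":
    for last in (None, "RETURN", "DROP"):
        for policy in ("DROP", "ACCEPT"):
            print(last, policy, verdicts(last, policy))
```

In this model a trailing RETURN gives the same verdicts as no trailing rule at all, while a trailing DROP ends traversal inside SVC, so INPUT's later port 80 rule and INPUT's policy never see the packet.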
