Ahhhh all is clear now... One more thing, so they can basically contain any
set of rules? Can I put logging on to them, e.g.:
ipchains -P input DENY -l
Thanks,
Pieter
-----Original Message-----
From: Mikkel L. Ellertson [mailto:[EMAIL PROTECTED]]
Sent: 10 April 2001 03:14
To: '[EMAIL PROTECTED]'
Subject: Re: IPChains up-side down ?!?
On Tue, 10 Apr 2001, Pieter De Wit wrote:
> Hello All,
>
> I have created my first (and very proud of it <grin>) ipchains script. My
> question is, at the start of the script I do the following :
>
> ipchains -F
>
> ipchains -P input DENY
> ipchains -P output DENY
> ipchains -P forward DENY
>
> This flushes the chains and sets the default to DENY all. After that I add
> my normal rules to ALLOW only what I want. If ipchains work on a first-match
> system, why do I still get traffic to my box ?
>
> Thanks,
>
> Pieter De Wit
>
If I understand what you are asking, you want to know why all traffic
does not match the -P <direction> deny rule, and block all traffic. The
reason is that the -P option sets the rule that is followed if no other
rules match. If you want, you can think of them as rules that are put
at the bottom of the list, and stay at the bottom even if you add more
rules to the list.
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
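
Added example, not part of the original thread: a small Python model of the behaviour described in the reply above, where rules are checked top to bottom and the -P policy is used only when nothing matches. The Rule and Chain classes, the two ACCEPT rules and the sample packets are constructed for illustration and are not taken from the poster's script.

```python
# Minimal model of first-match chain traversal with a default policy.
# All rules and packets below are constructed sample data.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                    # "ACCEPT" or "DENY"
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"]) and
                (self.dport is None or self.dport == pkt["dport"]))

class Chain:
    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy       # set with -P; consulted only as a fallback
        self.rules = []            # appended with -A; evaluated top to bottom

    def flush(self):
        self.rules.clear()         # -F removes the rules, the policy stays

    def append(self, rule: Rule):
        self.rules.append(rule)

    def verdict(self, pkt: dict):
        """Return (target, decided_by) for one packet."""
        for i, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):  # first match wins; later rules are skipped
                return rule.target, f"rule {i}"
        return self.policy, "policy"   # nothing matched: fall through to -P

def build_input_chain() -> Chain:
    chain = Chain()
    chain.flush()
    chain.policy = "DENY"          # written first in the script, applied last
    chain.append(Rule("ACCEPT", proto="tcp", dport=22))
    chain.append(Rule("ACCEPT", proto="tcp", dport=80))
    return chain

if __name__ == "__main__":
    chain = build_input_chain()
    for pkt in ({"proto": "tcp", "dport": 22}, {"proto": "udp", "dport": 53}):
        print(pkt, "->", chain.verdict(pkt))
    # A rule added later still sits above the policy.
    chain.append(Rule("ACCEPT", proto="udp", dport=53))
    print({"proto": "udp", "dport": 53}, "->",
          chain.verdict({"proto": "udp", "dport": 53}))
```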