My suggestion is for you to do this, insert the 'filtering' rules into the INPUT/OUTPUT/FORWARD chains, eg iptables -I FORWARD -p tcp --dport 22 -j mychain iptables -I INPUT -p tcp --.... -j mychain iptables -I OUTPUT -p udp -- .... -j mychain ..... and so on, and for mychain, iptables -A mychain -j RETURN You can safely put this. It will not disrupt anything. If originally you already have some other accept/deny, they continue to work. --- Nelson Guedes Paulo Junior <npaulo@linux.ime.usp.br> wrote: > I have, at least for the moment, one question about > iptables: > > Does I need to create another chain to sse the bytes > like: > > iptables -N mychain > iptables -I INPUT -j mychain > iptables -I OUTPUT -j mychain > iptables -I FORWARD -j mychain > iptables -A mychain -p tcp --dport 22 -j ACCEPT > > Does I need to do that??? > __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
