Peter Green wrote:

> ipchains -P forward REJECT

I normally terminate chains with e.g.:

	ipchains -A forward -j REJECT -l

then prepend a few non-logging REJECT rules to remove known cruft
(e.g. NetBIOS lookups).

What gets logged may include clues that you are:

a) rejecting packets that you need to accept, or
b) trying to run software which won't work behind a firewall, or isn't
   correctly configured for running behind a firewall, or
c) being scanned, cracked, etc.

-- 
Glynn Clements <glynn@sensei.co.uk>
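An added example, not part of the original message: a small Python summary of what a logging catch-all REJECT rule records, grouped by protocol and destination port, so the reader can judge which entries are cruft, misconfiguration or probing. It assumes the ipchains "Packet log:" kernel message layout; the log lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Assumed line layout (ipchains "Packet log:" kernel messages):
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> L=...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed sample input, not taken from a real system.
SAMPLE_LOG = """\
Jan  5 10:00:01 gw kernel: Packet log: forward REJECT eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=100 F=0x0000 T=128 (#4)
Jan  5 10:00:03 gw kernel: Packet log: forward REJECT eth1 PROTO=17 192.168.1.21:137 192.168.1.255:137 L=78 S=0x00 I=101 F=0x0000 T=128 (#4)
Jan  5 10:00:09 gw kernel: Packet log: forward REJECT eth1 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=102 F=0x0000 T=128 (#4)
Jan  5 10:01:12 gw kernel: Packet log: forward REJECT eth0 PROTO=6 192.0.2.7:40000 192.168.1.5:23 L=60 S=0x00 I=7 F=0x4000 T=52 SYN (#4)
Jan  5 10:02:30 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.9:1025 192.168.1.1:22 L=60 S=0x00 I=9 F=0x4000 T=52 SYN (#2)
Jan  5 10:02:31 gw sshd[311]: Server listening on 0.0.0.0 port 22.
"""

def parse_rejects(text, chain="forward"):
    """Yield (proto, src, dst, dport) for logged REJECTs on one chain."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and m["chain"] == chain and m["target"] == "REJECT":
            proto = PROTO_NAMES.get(int(m["proto"]), m["proto"])
            yield proto, m["src"], m["dst"], int(m["dport"])

def summarize(text, chain="forward"):
    """Group rejects by (protocol, destination port), busiest first."""
    groups = defaultdict(lambda: {"count": 0, "sources": set()})
    for proto, src, _dst, dport in parse_rejects(text, chain):
        groups[(proto, dport)]["count"] += 1
        groups[(proto, dport)]["sources"].add(src)
    return sorted(groups.items(), key=lambda kv: -kv[1]["count"])

if __name__ == "__main__":
    for (proto, dport), g in summarize(SAMPLE_LOG):
        print(f"{g['count']:4d}  {proto}/{dport}  from {len(g['sources'])} source(s)")
```

Groups that turn out to be harmless noise are the ones to cover with non-logging REJECT rules ahead of the logging rule; the rest stay visible in the log.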