>>> > You should never set any default policy other than ACCEPT on >>> > a nat or mangle table. >>> > >>> > I sometimes think it was a bad idea even to make it possible. >>> >>> No, I don't think so. It's hard for beginners, yes. But once >>you understand >>> what iptables is capable of (compared to other commercial products) you >>> actually are glad that there is a product giving you control over >>> everything. >>> Defining the policies for every chain is such a freedom. >> >>Can you think of a situation where it would be a good idea to set >>a default >>policy other than ACCEPT for a nat or mangle table ? >> >>Antony. >> >>-- >> >>90% of network problems are routing problems. >>9 of the remaining 10% are routing problems in the other direction. >>The remaining 1% might be something else, but check the routing anyway. When someone is learning how to network program and they screw up the code and they dont want packets to get out of the local lan....hint i am learning to network program. Robert W.
