On Sat, 2 Nov 2002, Rob wrote:

> >>> > You should never set any default policy other than ACCEPT on
> >>> > a nat or mangle table.
> >>> >
> >>> > I sometimes think it was a bad idea even to make it possible.
> >>>
> >>> No, I don't think so. It's hard for beginners, yes. But once you understand
> >>> what iptables is capable of (compared to other commercial products) you
> >>> actually are glad that there is a product giving you control over
> >>> everything.
> >>> Defining the policies for every chain is such a freedom.
> >>
> >>Can you think of a situation where it would be a good idea to set a default
> >>policy other than ACCEPT for a nat or mangle table?
> >>
> >>Antony.

perhaps i missed an earlier response to this, but what is the effect of setting a DROP policy on a nat or mangle chain? does this mean that any packet that matches a mangle or nat rule will be, not mangle'd or nat'ed, but dropped?

sorry if this question has an obvious answer, but assigning a default policy to anything but the filter table is woefully under-documented.

rday