> perhaps i missed an earlier response to this, but what is the
> effect of setting a DROP policy on a nat or mangle chain?
> does this mean that any packet that matches a mangle or nat rule
> will be, not mangle'd or nat'ed, but dropped?

yes.

> sorry if this question has an obvious answer, but assigning a
> default policy to anything but the filter table is woefully
> under-documented.

It doesn't have to be. Take a look at how packets traverse the filter.

Philipp