I have iptables FORWARD chain working except for one minor detail... After I set all the ACCEPT rules, I want to set a drop rule/policy on the FORWARD chain as well, thus dropping all the packets I haven't accepted.

The problem is, if I use

    iptables -A FORWARD -j DROP

or

    iptables -P FORWARD DROP

they will drop all packets, including the ones I already ACCEPTed.

Example (want to allow all incoming and outgoing www traffic):

    iptables -A FORWARD -p tcp -d 192.168.1.0/24 --dport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.0/24 --sport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.1.0/24 --sport 80 -j ACCEPT
    iptables -A FORWARD -j DROP

Any help is greatly appreciated.
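An added example, not part of the original post: a minimal Python model of first-match evaluation over the five FORWARD rules posted above, run on constructed packets to show which rule decides each one. The packet addresses and the `matches`/`verdict` helpers are assumptions for illustration, and only the fields those rules use (protocol, source, destination, ports) are modelled.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")

# The rules from the post, in append order:
# (proto, src_net, dst_net, sport, dport, target); None means "not specified".
RULES = [
    ("tcp", None, LAN, None, 80, "ACCEPT"),   # -d LAN --dport 80
    ("tcp", None, LAN, 80, None, "ACCEPT"),   # -d LAN --sport 80
    ("tcp", LAN, None, None, 80, "ACCEPT"),   # -s LAN --dport 80
    ("tcp", LAN, None, 80, None, "ACCEPT"),   # -s LAN --sport 80
    (None, None, None, None, None, "DROP"),   # -A FORWARD -j DROP
]

def matches(rule, pkt):
    """A rule matches only if every criterion it specifies matches the packet."""
    proto, src, dst, sport, dport, _ = rule
    if proto is not None and pkt["proto"] != proto:
        return False
    if src is not None and ipaddress.ip_address(pkt["src"]) not in src:
        return False
    if dst is not None and ipaddress.ip_address(pkt["dst"]) not in dst:
        return False
    if sport is not None and pkt["sport"] != sport:
        return False
    if dport is not None and pkt["dport"] != dport:
        return False
    return True

def verdict(pkt, rules=RULES, policy="ACCEPT"):
    """Return (rule_number, target); rule_number 0 means the chain policy decided."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return number, rule[-1]   # first matching rule wins, later rules are not consulted
    return 0, policy

# Constructed sample packets (documentation addresses, not from the post).
HTTP_OUT   = {"proto": "tcp", "src": "192.168.1.10", "dst": "203.0.113.5",  "sport": 40000, "dport": 80}
HTTP_REPLY = {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.10", "sport": 80,    "dport": 40000}
DNS_QUERY  = {"proto": "udp", "src": "192.168.1.10", "dst": "203.0.113.53", "sport": 40001, "dport": 53}
HTTPS_OUT  = {"proto": "tcp", "src": "192.168.1.10", "dst": "203.0.113.5",  "sport": 40002, "dport": 443}

if __name__ == "__main__":
    for name, pkt in [("http out", HTTP_OUT), ("http reply", HTTP_REPLY),
                      ("dns query", DNS_QUERY), ("https out", HTTPS_OUT)]:
        print(name, verdict(pkt))
```

In this model an appended `-j DROP` and a `-P FORWARD DROP` policy give the same result: both are reached only by packets that none of the ACCEPT rules matched, such as the UDP DNS query and the port 443 connection in the sample set.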