Re: trying to document/understand the iptables kernel config options

On Tue, 8 Apr 2003, Joel Newkirk wrote:

> On Monday 07 April 2003 04:19 pm, Robert P. J. Day wrote:
> 
> [snipped humiliating reminder of my oversight :^)]

don't worry about that.  i'll just bring it out and beat
you with it on occasion. :-)
> 
> >   so now, the first question or two.  first, even after you
> > select "IP tables support", you can deselect *everything*
> > inside that menu.  if you do that, is there *anything* you
> > can do in terms of netfiltering?  i mean, does that single
> > selectable "IP tables support" option have any functionality
> > all by itself?
> 
> Yes.  If you select "IP tables support" but no further options within 
> that set, you can still perform filtering.  For example, you could still 
> ACCEPT or DROP based on source or destination IP.

i don't think so, tim.  if you look down that list of options,
past all the "match" options, you'll see "Packet filtering",
whose help screen claims that it defines the "filter" table.

without that filter table, i would have assumed that you can't
do *any* filtering of any kind, since the filter table wouldn't
even exist.

i get the feeling that, if you select only "IP tables support"
and nothing else, you might be able to set up ACCEPT or DROP
policies on the three chains, and that's about it.

thoughts?

rday


