This is only telling what's the policy of the chain, setting it to DROP will
drop all packets that don't match a rule in the chain.
A good idea would be to put them first.

Regards
John Berntsen

----- Original Message -----
From: "Thiago Lima " <thiagolima@xxxxxxxxxxxxxxx>
To: <Alistair@xxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, April 29, 2003 5:09 PM
Subject: RE: SNAT firewall maybe compromised. Misconfiguration?

>
> No, I did not.
>
> The script was cut off, but only in some portforwarding rules, just more
> 5 redirects.
>
> Should I use this -P INPUT DROP -P FORWARD DROP in both interfaces? In
> the end of my script?
>
> thanks
> thiago.
>
>
> -----Original Message-----
> From: Alistair Tonner [mailto:Alistair@xxxxxxxxxx]
> S
>
> You aren't showing us your policies, and that leads me to believe
> that the chain policies might be ACCEPT ... which is very not good.
> Also it rather looks like this script was cut off.... so I can't
> be sure...
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -P FORWARD DROP
>
> ?? do you do this at all??
> --
>
> Alistair Tonner
> nerdnet.ca
> Senior Systems Analyst - RSS
>
> Any sufficiently advanced technology will have the appearance of magic.
> Let's get magical!
>
>
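
Added example, not part of the original messages: a check for the condition discussed in this thread, reading `iptables-save` output and reporting any filter-table INPUT or FORWARD chain whose policy is not DROP. The function name `audit_policies` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Audit built-in chain policies in an iptables-save dump read from stdin.
# Prints "table chain policy" for each filter INPUT/FORWARD chain whose
# policy is not DROP, and returns 1 if any such chain was found.
audit_policies() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^:/  {                                 # ":INPUT ACCEPT [0:0]"
            chain = substr($1, 2); policy = $2
            if (table == "filter" && policy != "DROP" &&
                (chain == "INPUT" || chain == "FORWARD")) {
                print table, chain, policy
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed dump: SNAT gateway whose script never set the policies.
# The nat-table ACCEPT policies are normal and are not reported.
sample_open='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# Constructed dump: same gateway after "-P INPUT DROP" and "-P FORWARD DROP".
sample_closed='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# On a live system (as root): iptables-save | audit_policies
```
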