Hello, I have a linux (slackware) box that I am running iptables on. I have masq. on and I have only one entry in the table. I currently have the policy for FORWARD set to ACCEPT. Here's the problem, if I set the policy to DROP it drops everything. No rules are looked at before dropping it just drops everything. Here is a list of my iptables. bash-2.05# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination bash-2.05# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination with this everything is fine but as you can tell there is no real security, because I ACCEPT all. However, if I set the policy on FORWARD to DROP everything gets dropped regardless of rule entries. Previously I used ipchains, when a packet came in it would traverse the rule entries in the FORWARD list and if it didn't match anything it would apply the policy. With iptables it seems to be doing just the opposite. When packets come in it applys the policy first.??? Is this the case? Britt Tabor Edge Access, Inc. btabor@xxxxxxxxxxxxxx http://www.edgeaccess.net 813.594.6142 Voice 813.249.1126 Fax
