On Thu, 2003-10-16 at 17:37, Britt Tabor wrote: > Hello, > > I have a linux (slackware) box that I am running iptables on. I have masq. on and I have only one entry in the table. I currently have the policy for FORWARD set to ACCEPT. Here's the problem, if I set the policy to DROP it drops everything. No rules are looked at before dropping it just drops everything. Here is a list of my iptables. > > bash-2.05# iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > ACCEPT all -- anywhere anywhere > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > bash-2.05# iptables -t nat -L > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > MASQUERADE all -- anywhere anywhere > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > with this everything is fine but as you can tell there is no real security, because I ACCEPT all. However, if I set the policy on FORWARD to DROP everything gets dropped regardless of rule entries. Previously I used ipchains, when a packet came in it would traverse the rule entries in the FORWARD list and if it didn't match anything it would apply the policy. With iptables it seems to be doing just the opposite. When packets come in it applys the policy first.??? > > Is this the case? > No, what command are you using to set the policy on the forward chain? > > > > > > Britt Tabor > Edge Access, Inc. > btabor@xxxxxxxxxxxxxx > http://www.edgeaccess.net > 813.594.6142 Voice > 813.249.1126 Fax > > > -- -- Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --
Attachment:
signature.asc
Description: This is a digitally signed message part
