Hello,

Thank you for your response, you did answer my question.

Michael.

On Tue, 2 Dec 2003 22:21:08 -0500 <netfilter@xxxxxxxxxxxxx> wrote:

> > So my question is do I need default policies for the NAT chains ?
>
> Michael, it is not necessary for you to specify default policies for the NAT
> table chains, as dealing with the packets when they get to the FILTER table
> chains will be sufficient. To illustrate my point, look at figure 3b in the
> following document ...
> http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section3
> The arrow to the extreme left pointing up is where a packet would "enter"
> your server from the outside. No matter which path it takes till it gets to
> the "down" arrow at the extreme right, it will pass through either the
> INPUT, OUTPUT, or FORWARD chains of the FILTER table. Also, any packets
> destined for your server will hit the INPUT chain first, giving you the
> opportunity to deal with them. So if you don't specifically have an accept
> rule defined in the chains of your FILTER table, then packets you haven't
> intended to ACCEPT/DROP/"whatever" will be dropped before they either exit
> or pass through your server.
>
> I hope this answers your question,
> Brandon Broyles
>
>

--
Michael Gale
Network Administrator
Utilitran Corporation
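The layout described in the quoted reply, as an added example that is not part of the original thread: an `iptables-restore` ruleset where the NAT chains keep their ACCEPT policy and all drop decisions are made in the FILTER table. It assumes the FILTER policies are set to DROP (which the reply's "will be dropped" depends on); the interface names, addresses and ports are constructed for illustration.

```iptables
# Constructed example ruleset in iptables-restore format.
# Assumptions (not from the thread): eth0 = external, eth1 = internal,
# 192.168.1.10 = internal web server, SSH allowed from the inside only.

*nat
# NAT chains keep the built-in ACCEPT policy: they only rewrite addresses.
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Redirect inbound web traffic to the internal host (translation only).
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
# Source-NAT traffic leaving through the external interface.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
# Filtering happens here. With DROP policies, anything that is not
# explicitly accepted below never reaches or passes through the host.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
# Assumption: locally generated traffic is trusted.
:OUTPUT ACCEPT [0:0]

# Traffic addressed to the firewall itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

# Traffic routed through the firewall.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# A DNATed connection must still be accepted here; FORWARD runs after
# PREROUTING, so the match is on the rewritten destination address.
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.10 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
COMMIT
```

If the FILTER policies are left at ACCEPT, unmatched packets are not dropped, so the `:INPUT DROP` and `:FORWARD DROP` lines are what make the NAT policies irrelevant.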