* Mario Ohnewald <mario.Ohnewald@xxxxxx> 3. Mar 04:
> Hi,

Hello,

> I call this default policy at the beginning of my script (actually
> SuSEFirewalls script):

It doesn't matter when you call it. Packets traverse chains from top to
bottom. The 'bottom' is the default policy. (Well, it's listed on top, but
you know what I mean.)

> $IPTABLES -F INPUT
> $IPTABLES -F OUTPUT
> $IPTABLES -F FORWARD 2> /dev/null
> $IPTABLES -P INPUT "$DROP"
> $IPTABLES -P OUTPUT "$ACCEPT"
> $IPTABLES -P FORWARD "$ACCEPT" 2> /dev/null
> $IPTABLES -F
> $IPTABLES -X
> $IPTABLES -t nat -F
> $IPTABLES -t nat -X
> $IPTABLES -t mangle -F
> $IPTABLES -t mangle -X
>
> so why am i "-j ACCEPT" accepting it before that?

In these scrambled outputs, which I did not want to sort again, was a
match-any rule with -j ACCEPT in your OUTPUT (it isn't set here). So a
packet never reached the bottom (policy) of your OUTPUT.

Please RTFM,
regards, Frank.
--
Sigmentation fault
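
Added example, not part of the original mail or of the SuSEfirewall script: a check for the situation described in the reply, where a match-any rule with a terminal target sits in a chain so that no packet ever reaches the chain's policy. The function names and the sample ruleset are constructed for illustration; input is assumed to be in `iptables -S` format, and only rules with no match options at all are treated as match-any.

```sh
#!/bin/sh
# Report chains in which a match-any rule with a terminal target makes the
# policy (and every later rule) unreachable. Reads `iptables -S` text on stdin.
shadowed_policies() {
    awk '
        $1 == "-P" { policy[$2] = $3; next }
        $1 == "-A" {
            n[$2]++
            # A rule whose first option is -j has no match criteria at all.
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/ && !($2 in hit)) {
                hit[$2] = n[$2]
                target[$2] = $4
                order[++count] = $2
            }
        }
        END {
            for (i = 1; i <= count; i++) {
                c = order[i]
                p = (c in policy) ? policy[c] : "-"
                # dead = rules listed after the match-any rule
                printf "%s rule=%d target=%s policy=%s dead=%d\n",
                       c, hit[c], target[c], p, n[c] - hit[c]
            }
        }
    '
}

# Constructed sample: the policies from the quoted script plus a match-any
# ACCEPT in OUTPUT, as the reply describes.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -p tcp --dport 25 -j DROP
EOF
}

sample_rules | shadowed_policies
```

On a live system the same function can be fed with `iptables -S | shadowed_policies`, which needs root.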