On Tue 06/04/2004 at 20:00, Stuart Lamble wrote:
> If prerouting is the first rule a packet touches when arriving at the
> firewall, why then do we not set the default to DROP here and allow
> through what we need.

Because filtering should be done in the filter table. Moreover, except for very specific cases, I don't see the benefit in having rules within PREROUTING that will allow packets, then having other rules within INPUT/FORWARD to let them go. It seems a waste of time to me as these rules (PREROUTING vs. INPUT/FORWARD) are necessarily redundant.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!