> Hope this provides a bit more Info
>
> On Thu, Aug 26, 2004 at 06:49:07PM -0400, Jason Opperisano wrote:
> >
> > you cannot set the "policy" of a custom chain, policies only apply to the built-in chains; i.e., iptables -P FORWARD DROP...etc...so i'm not sure what you mean by this.
>
> That would have been ideal, but I didn't think it was possible either.
>
> > if a packet jumps to a custom chain, and reaches the end of it--it returns to the calling chain where it left off. in the above example--a packet with a destination ip of 192.168.1.1 and a src ip of 1.2.3.4 would match the second rule; traverse the BLOCKED chain, and if no rule matches return to the FORWARD chain at the next rule.
>
> I don't suspect there is any way to change this, is there?

yeah--make the last rule of the chain BLOCKED a DROP rule:

  iptables -A BLOCKED -j DROP

-j
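
The return-to-caller behaviour discussed in this thread, and the effect of the suggested trailing DROP rule, modelled as an added example that is not part of the original posts. The FORWARD and BLOCKED rules below are constructed, since the poster's actual ruleset is not shown; only the addresses 1.2.3.4 and 192.168.1.1, the chain names, and the two quoted iptables commands come from the thread.

```python
from ipaddress import ip_address, ip_network

# Only built-in chains carry a policy (iptables -P FORWARD DROP).
POLICY = {"FORWARD": "DROP"}

def build_chains(blocked_ends_with_drop):
    """Constructed ruleset. Rule = (src, dst, target); None matches anything."""
    chains = {
        "FORWARD": [
            ("10.0.0.0/8", None, "ACCEPT"),
            (None, "192.168.1.1", "BLOCKED"),      # second rule: jump to BLOCKED
            (None, "192.168.1.0/24", "ACCEPT"),    # next rule after the jump
        ],
        "BLOCKED": [
            ("5.6.7.8", None, "DROP"),             # constructed blocked source
        ],
    }
    if blocked_ends_with_drop:
        # Equivalent of: iptables -A BLOCKED -j DROP
        chains["BLOCKED"].append((None, None, "DROP"))
    return chains

def matches(rule_net, addr):
    return rule_net is None or ip_address(addr) in ip_network(rule_net)

def walk(chains, chain, src, dst):
    """Return ACCEPT or DROP, or None if the chain ended without a verdict."""
    for rule_src, rule_dst, target in chains[chain]:
        if not (matches(rule_src, src) and matches(rule_dst, dst)):
            continue
        if target in ("ACCEPT", "DROP"):
            return target
        if target == "RETURN":
            return None
        result = walk(chains, target, src, dst)    # jump into the custom chain
        if result is not None:
            return result
        # Custom chain had no matching terminal rule: resume at the next rule here.
    return None

def verdict(chains, src, dst, builtin="FORWARD"):
    # Falling off the end of a built-in chain applies that chain's policy.
    return walk(chains, builtin, src, dst) or POLICY[builtin]
```

Comparing `verdict(build_chains(False), "1.2.3.4", "192.168.1.1")` with the same call on `build_chains(True)` shows the packet being accepted by the later FORWARD rule in the first case and dropped inside BLOCKED in the second.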