On Wed, 2004-09-01 at 07:54, Mike wrote:
> I thought I had seen others on this list discuss starting with a
> completely closed router that denies all traffic - INPUT, OUTPUT, and
> FORWARD; filter, nat, and mangle.

yes, you have.  i don't personally agree with this (with respect to nat & mangle).

> echo " Set the filter/nat/mangle packet Matching Table Policy."
> $IPTABLES -t filter -P INPUT DROP
> $IPTABLES -t filter -P OUTPUT DROP
> $IPTABLES -t filter -P FORWARD DROP

good, good...

> $IPTABLES -t nat -P PREROUTING DROP
> $IPTABLES -t nat -P POSTROUTING DROP
> $IPTABLES -t nat -P OUTPUT DROP
> $IPTABLES -t mangle -P INPUT DROP
> $IPTABLES -t mangle -P OUTPUT DROP
> $IPTABLES -t mangle -P FORWARD DROP
> $IPTABLES -t mangle -P PREROUTING DROP
> $IPTABLES -t mangle -P POSTROUTING DROP

bad...  you will be in a world of hurt trying to get anything to work with the policies of every nat & mangle chain set to drop.

filter in the filter table
nat in the nat table
mangle in the mangle table

the ultimate FM:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
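
Added example, not part of the original message: a shell check that reads iptables-save output and flags any built-in nat or mangle chain whose policy is not ACCEPT, following the reply's rule of filtering only in the filter table. The sample ruleset is constructed to mirror the quoted script, and the LOGDROP chain name is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): check iptables-save output against
# the rule "filter in the filter table", so nat/mangle policies stay ACCEPT.

# Reads iptables-save format on stdin, prints one line per finding.
audit_policies() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*nat" opens a table section
        /^:/  {                                     # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2); policy = $2
            if (policy == "-") next                 # user-defined chain: no policy
            if ((table == "nat" || table == "mangle") && policy != "ACCEPT")
                printf "BAD  %s/%s policy %s, expected ACCEPT\n", table, chain, policy
            else if (table == "filter" && policy != "DROP")
                printf "NOTE %s/%s policy %s, default-deny expects DROP\n", table, chain, policy
        }'
}

# Constructed sample: the policies the quoted script would leave behind,
# plus a hypothetical user-defined chain (LOGDROP) that has no policy.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
COMMIT
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
*mangle
:PREROUTING DROP [0:0]
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:POSTROUTING DROP [0:0]
COMMIT
EOF
}

sample_ruleset | audit_policies
```

On a live router the same function can be fed with `iptables-save | audit_policies`.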