On Fri, 15 Oct 2004 at 22:25, Daniel Chemko wrote:
> > so the drop-all would be..?
> >
> > iptables -A INPUT -p TCP -i eth0 -s 0/0 -j DROP
> >
> > or did I just invent my own thing here?
> > tia
> > Kate
>
> I was just about to comment:
>
> To drop by-by-policy, any rule that doesn't get matched earlier gets
> picked up by the policy rule.
>
> You would use:
>
> iptables -P INPUT DROP

But remember to put this line before the lines that accept packets
or you will be accepting packets before they reach the default policy.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
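
Added example, not part of the original messages: a simplified Python model of how a filter chain is walked (first matching rule decides, chain policy applies only when nothing matched), comparing the explicit DROP rule quoted in the thread with `iptables -P INPUT DROP`. The accept rule for port 22, the sample packets and all function names are assumptions made for illustration; the model ignores connection state, other tables and user-defined chains.

```python
from ipaddress import ip_address, ip_network

def rule(target, proto=None, iface=None, src="0.0.0.0/0", dport=None):
    """One chain entry; None means 'match anything' for that field."""
    return {"target": target, "proto": proto, "iface": iface,
            "src": ip_network(src), "dport": dport}

def matches(r, pkt):
    return ((r["proto"] is None or r["proto"] == pkt["proto"])
            and (r["iface"] is None or r["iface"] == pkt["iface"])
            and ip_address(pkt["src"]) in r["src"]
            and (r["dport"] is None or r["dport"] == pkt["dport"]))

def verdict(chain, policy, pkt):
    """First matching rule decides; the policy is used only if none matches."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy

# Constructed sample packets (documentation address range).
PACKETS = {
    "ssh":    {"proto": "tcp", "iface": "eth0", "src": "192.0.2.10", "dport": 22},
    "telnet": {"proto": "tcp", "iface": "eth0", "src": "192.0.2.10", "dport": 23},
    "dns":    {"proto": "udp", "iface": "eth0", "src": "192.0.2.10", "dport": 53},
}

def evaluate(chain, policy):
    return {name: verdict(chain, policy, pkt) for name, pkt in PACKETS.items()}

# iptables -A INPUT -p TCP -i eth0 -s 0/0 -j DROP   (rule from the thread)
DROP_TCP = rule("DROP", proto="tcp", iface="eth0")
# Hypothetical accept rule, e.g. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
ALLOW_SSH = rule("ACCEPT", proto="tcp", dport=22)

# Explicit DROP rule appended first, default policy left at ACCEPT.
rule_based = evaluate([DROP_TCP, ALLOW_SSH], policy="ACCEPT")
# iptables -P INPUT DROP with the same accept rule in the chain.
policy_based = evaluate([ALLOW_SSH], policy="DROP")

if __name__ == "__main__":
    print("explicit rule:", rule_based)
    print("policy DROP:  ", policy_based)
```

In the model, the appended TCP-only DROP rule shadows the later accept rule and leaves UDP to the ACCEPT policy, while the DROP policy catches everything the chain did not explicitly accept.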