Hi,

DROP = refuse the packets and do nothing.
REJECT = refuse the packets and send unreachable or other packet (what you have set for REJECT target) to sender.
MIRROR = Reverse the source and destination IP and send the packet back to sender.

All are terminating targets.

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Rakotomandimby (R12y) Mihamina
Sent: 13 May 2005 14:37
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: just a remind

On Fri, 2005-05-13 at 17:35 +0530, hareram wrote:
> you need to Drop all and allow what are the services required that is
> the best practice

Yes, the policy is to drop.
But is REJECT a terminating target? (I just don't remember)
I know that ACCEPT is "terminating". I mean if a packet matches and is ACCEPTed, it is not processed by the following rules.

--
ASPO Infogérance http://aspo.rktmb.org/activites/infogerance
Unofficial FAQ fcolc http://faq.fcolc.eu.org/
LUG for Orléans and the surrounding area (France).
Tel: 02 34 08 26 04 / 06 33 26 13 14
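
The chain traversal discussed in this thread, as an added example that is not part of the original messages and is not netfilter code: a simplified Python model of a default-DROP chain in which the first matching terminating target ends rule processing. The rule format, the sample chain and the addresses are constructed for illustration; LOG is a real iptables target that is not mentioned in the thread and is included only as the non-terminating contrast.

```python
# Simplified model of walking one netfilter chain (illustration only).
TERMINATING = {"ACCEPT", "DROP", "REJECT", "MIRROR"}  # targets named in the thread
NON_TERMINATING = {"LOG"}  # real iptables target, added here as a contrast


def traverse(chain, policy, packet):
    """Walk the rules in order.

    Returns (verdict, side_effects, rules_evaluated). A rule is a pair
    (match, target), where match maps packet fields to required values.
    """
    effects = []
    for index, (match, target) in enumerate(chain, start=1):
        if any(packet.get(field) != value for field, value in match.items()):
            continue  # rule does not match, try the next one
        if target in NON_TERMINATING:
            effects.append(f"{target} by rule {index}")
            continue  # side effect only, traversal goes on
        if target not in TERMINATING:
            raise ValueError(f"unknown target {target!r} in rule {index}")
        if target == "REJECT":
            effects.append(f"error reply sent to {packet['src']}")
        elif target == "MIRROR":
            effects.append(f"packet sent back to {packet['src']} with src/dst swapped")
        return target, effects, index  # terminating: later rules are never seen
    return policy, effects, len(chain)  # nothing terminated: chain policy decides


# Constructed sample chain for a default-DROP policy.
CHAIN = [
    ({"proto": "tcp", "dport": 22}, "LOG"),
    ({"proto": "tcp", "dport": 22}, "ACCEPT"),
    ({"proto": "tcp", "dport": 113}, "REJECT"),
    ({"proto": "tcp", "dport": 113}, "ACCEPT"),  # shadowed by the REJECT above
]

if __name__ == "__main__":
    for dport in (22, 113, 80):
        pkt = {"src": "192.0.2.10", "proto": "tcp", "dport": dport}
        print(dport, traverse(CHAIN, "DROP", pkt))
```

The fourth rule is never reached for port 113 traffic, which is the practical consequence of REJECT being terminating: an ACCEPT placed after a matching DROP, REJECT or MIRROR rule has no effect.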