Re: iptables leaking blocked ip addresses.


 



>> http://204.238.34.206/iptables-save-20jun2005.txt
>
>Yikes, this is very long. First, I see that you're doing all your 
>filtering in nat, PREROUTING and POSTROUTING. Why? I prefer to do 
>filtering in the filter table as $DEITY intended. :)

Yeah I would wonder too; esp. because they are in OUTPUT, not in 
PRE/POSTROUTING.
I'd recommend a -P DROP anyway and build up -j ACCEPTs from there.


Jan Engelhardt                                                               
--                                                                            
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de
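
An added example, not part of the message above or of the poster's ruleset: a small Python audit of `iptables-save` output that reports DROP/REJECT rules sitting in the nat table (with the chain they are in) and built-in filter chains whose policy is not DROP. The sample ruleset and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample in iptables-save format (not the ruleset linked in the thread).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.0.2.10 -j DROP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10 -j DROP
COMMIT
"""

FILTER_TARGETS = {"DROP", "REJECT"}

def audit(text):
    """Return (misplaced, permissive).

    misplaced:  (chain, rule) for every DROP/REJECT rule found in the nat table
    permissive: built-in filter-table chains whose policy is not DROP
    """
    misplaced, permissive = [], []
    table = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header, e.g. "*nat"
            table = line[1:]
        elif line.startswith(":"):          # chain declaration: ":INPUT ACCEPT [0:0]"
            chain, policy = line[1:].split()[:2]
            # user-defined chains carry "-" instead of a policy
            if table == "filter" and policy not in ("DROP", "-"):
                permissive.append(chain)
        elif line.startswith("-A "):        # appended rule
            m = re.search(r"\s-j\s+(\S+)", line)
            if table == "nat" and m and m.group(1) in FILTER_TARGETS:
                misplaced.append((line.split()[1], line))
    return misplaced, permissive

if __name__ == "__main__":
    for item in audit(SAMPLE):
        print(item)
```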

