On Sunday 2006-January-08 17:01, Michael D. Berger wrote:
> > > I have the same problem. I DROP in the INPUT chain, but
> > > the connection stays up

Likely so, insofar as your local process knows, as explained in my corrected reply to Bob Nichols. But ...

> > > and receives more junk.

No, not if you used a rule as the OP did, with -I to put it at the top of INPUT rules. If a packet matches the first DROP rule, that's where it stops. If a --state RELATED,ESTABLISHED -j ACCEPT rule precedes the DROP, yes, but that's a different issue.

> > > I await admonition by those more knowledgeable than I.

Does it make sense now?
-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
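The rule-order point in the reply above, as an added example that is not part of the original message: a simplified Python model of first-match chain evaluation (a model, not iptables itself). The `Rule` and `Chain` classes, the `build` helper and the peer address 192.0.2.10 are constructed for illustration.

```python
"""Simplified model of first-match evaluation in an iptables chain."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                    # terminating target: "ACCEPT" or "DROP"
    src: Optional[str] = None      # models -s <address>; None matches any source
    states: Tuple[str, ...] = ()   # models --state list; empty matches any state

    def matches(self, src: str, state: str) -> bool:
        return self.src in (None, src) and (not self.states or state in self.states)


class Chain:
    def __init__(self, policy: str = "ACCEPT") -> None:
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:              # models iptables -A
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # models iptables -I (top by default)
        self.rules.insert(pos - 1, rule)

    def verdict(self, src: str, state: str) -> str:
        # The first matching rule with a terminating target decides the packet.
        for rule in self.rules:
            if rule.matches(src, state):
                return rule.target
        return self.policy


PEER = "192.0.2.10"  # constructed address (documentation range)
STATE_ACCEPT = Rule("ACCEPT", states=("RELATED", "ESTABLISHED"))
DROP_PEER = Rule("DROP", src=PEER)


def build(drop_with_insert: bool) -> Chain:
    """Chain that already has the state ACCEPT rule, then gains the DROP via -I or -A."""
    chain = Chain()
    chain.append(STATE_ACCEPT)
    (chain.insert if drop_with_insert else chain.append)(DROP_PEER)
    return chain


if __name__ == "__main__":
    for label, flag in (("-I", True), ("-A", False)):
        chain = build(flag)
        print(label, {s: chain.verdict(PEER, s) for s in ("ESTABLISHED", "NEW")})
```

With the DROP inserted at the top, packets of the already-established connection are dropped; appended after the state rule, they are still accepted and only new connections from the peer are dropped.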