>> On another list I was told it was a good idea to set
>> REJECT as policy.
>
> It could be a good idea if it was possible. Maybe the person who told
> you mixed up iptables and ipchains, its "predecessor" for 2.2
> kernels. IIRC ipchains allowed REJECT as a policy.

You could emulate a REJECT policy by having this as the very last rules:

$ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$ipt -A INPUT -j REJECT

(I thought it was like this..)

But, if you dynamically add rules then you have to take care of at/from which position you insert/delete them.
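One way to handle the insertion-position caveat from the message above, as an added example that is not part of the original thread: the two trailing REJECT rules stay last, and dynamic rules are inserted above them at a position computed from the `iptables -S INPUT` listing rather than at a hard-coded number. The `IPT` variable, the helper names and the sample listing are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Emulates a REJECT policy with two
# trailing rules and inserts dynamic rules above them at a computed position.
# IPT, the function names and SAMPLE_LISTING are assumptions of this example.
IPT="${IPT:-iptables}"

# Real policy stays DROP; the two REJECT rules at the end of INPUT do the
# work a REJECT policy would do (TCP gets a reset, everything else ICMP).
install_reject_tail() {
    "$IPT" -P INPUT DROP
    "$IPT" -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    "$IPT" -A INPUT -j REJECT
}

# Reads "iptables -S INPUT" output on stdin and prints the 1-based rule
# number where the final run of REJECT rules begins, i.e. the position a
# new rule must be inserted at to stay above the emulated policy.
# A chain without such a tail yields (rule count + 1), which appends.
reject_tail_position() {
    awk '
        /^-A INPUT / {
            n++
            if ($0 ~ / -j REJECT/) { if (start == 0) start = n } else { start = 0 }
        }
        END { print (start ? start : n + 1) }
    '
}

# Insert a rule spec above the REJECT tail, e.g.:
#   insert_above_tail -p tcp --dport 22 -j ACCEPT
insert_above_tail() {
    pos=$("$IPT" -S INPUT | reject_tail_position)
    "$IPT" -I INPUT "$pos" "$@"
}

# Deleting by rule spec rather than by number sidesteps the position problem:
#   delete_rule -p tcp --dport 22 -j ACCEPT
delete_rule() {
    "$IPT" -D INPUT "$@"
}

# Constructed "iptables -S INPUT" listing used to exercise the position
# logic offline (no iptables needed for this part).
SAMPLE_LISTING='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-port-unreachable'
```

Only the install/insert/delete helpers touch the live ruleset and need root; `reject_tail_position` needs nothing but awk, so the numbering logic can be checked before it is pointed at a real firewall.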