Rob Sterenborg wrote:
You could emulate a REJECT policy by having this as the very last rules:

    $ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    $ipt -A INPUT -j REJECT

(I thought it was like this..)
What was like what?
But, if you dynamically add rules then you have to take care of at/from which position you insert/delete them.
A user-defined chain comes in handy. Jump into it before the REJECT rules and add the dynamic rules in it.

    iptables -N input
    iptables -A INPUT -j input
    iptables -A INPUT -j REJECT
    iptables -A input blah...
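
The layout discussed in this thread, as an added example that is not part of the original messages: the static skeleton is built once, and dynamic rules are appended to or deleted from the user-defined chain by specification, so their position relative to the trailing REJECT rules never matters. The helper names, the `IPT` dry-run default and the port check are assumptions made for this sketch; the chain name `input` is the one used above.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run by default: each command
# is printed instead of executed. Set IPT=iptables and run as root to apply.
IPT="${IPT:-echo iptables}"
CHAIN="input"   # user-defined chain from the thread (distinct from built-in INPUT)

# Static skeleton, built once: jump into the dynamic chain first, then the
# two catch-all REJECT rules that emulate a REJECT policy.
setup_chains() {
    $IPT -N "$CHAIN"
    $IPT -A INPUT -j "$CHAIN"
    $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -j REJECT
}

# Accept only a decimal port in 1..65535, so a malformed value never
# reaches the iptables command line.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# allow_tcp SRC PORT (hypothetical helper): append an ACCEPT to the dynamic
# chain. It is evaluated before the REJECT rules because the jump precedes them.
allow_tcp() {
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    $IPT -A "$CHAIN" -p tcp -s "$1" --dport "$2" -j ACCEPT
}

# revoke_tcp SRC PORT (hypothetical helper): delete the same rule by its
# specification rather than by rule number, so no position bookkeeping is needed.
revoke_tcp() {
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    $IPT -D "$CHAIN" -p tcp -s "$1" --dport "$2" -j ACCEPT
}

# Drop every dynamic rule at once; the INPUT chain itself is left untouched.
flush_dynamic() {
    $IPT -F "$CHAIN"
}
```

Source the file and call `setup_chains` once, then `allow_tcp` and `revoke_tcp` as needed; the address 192.0.2.10 used when trying it out would be a constructed documentation address.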