Re: REJECT target not as policy


 



Rob Sterenborg wrote:

You could emulate a REJECT policy by having this as the very last rules:

$ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$ipt -A INPUT -j REJECT

(I thought it was like this..)

What was like what?

But, if you dynamically add rules then you have to take care of at/from
which position you insert/delete them.

A user-defined chain comes in handy. Jump into it before the REJECT rules and add the dynamic rules in it.

iptables -N input
iptables -A INPUT -j input
iptables -A INPUT -j REJECT

iptables -A input blah...
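
Added example, not part of the original thread: the layout described above, wrapped in shell functions so that dynamic rules only ever touch the user-defined chain. The function names, the `IPT`/`DYN` variables and the dry-run default are assumptions made for this illustration; the chain name `input` and the REJECT rules come from the messages.

```shell
#!/bin/sh
# Added illustration. IPT defaults to a dry run that only prints the
# commands; set IPT=iptables (as root) to apply them for real.
IPT="${IPT:-echo iptables}"
DYN="${DYN:-input}"   # user-defined chain name used in the thread

# Static skeleton, loaded once. The jump into $DYN is placed before the
# trailing REJECT rules, which emulate a REJECT policy. Packets that match
# nothing in $DYN return to INPUT and reach the REJECT rules.
setup_ruleset() {
    $IPT -N "$DYN"
    $IPT -A INPUT -j "$DYN"
    $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -j REJECT
}

# Dynamic rules are appended to $DYN, never to INPUT, so there is no
# rule position in INPUT to keep track of.
allow_tcp() {    # usage: allow_tcp <source-address> <destination-port>
    $IPT -A "$DYN" -p tcp -s "$1" --dport "$2" -j ACCEPT
}

# Remove one dynamic rule by specification rather than by rule number.
revoke_tcp() {   # usage: revoke_tcp <source-address> <destination-port>
    $IPT -D "$DYN" -p tcp -s "$1" --dport "$2" -j ACCEPT
}

# Drop every dynamic rule at once; INPUT and its REJECT rules are untouched.
reset_dynamic() {
    $IPT -F "$DYN"
}
```

In the default dry-run mode each function prints the iptables command it would run, which makes the resulting rule order easy to review before applying it.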


