my mail wrote:
--- On Sun, 4/12/09, Mart Frauenlob <mart.frauenlob@xxxxxxxxx> wrote:
From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Subject: Re: question about table filter, nat and mangle with chain default policy
To: netfilter@xxxxxxxxxxxxxxx
Date: Sunday, April 12, 2009, 7:11 AM
Don't set the policy to DROP in mangle and nat table.
Put the drop policy only in filter table.
greets
Mart
Thanks for your help, but why can't I set policy DROP in the mangle and nat tables?
Do the mangle and nat tables share chains with the filter table, or why?
Because, as I remember, processing from INPUT will not pass the rules for OUTPUT and FORWARD.
Is that right, or have I misunderstood the iptables rules?
Thanks again...
The packet flow diagram can explain a lot more than any amount of text:
http://l7-filter.sourceforge.net/PacketFlow.png
... now imagine that the boxes labeled mangle::PREROUTING and
nat::PREROUTING had a DROP for all packets.
Which is configured like this:
$IPT -t mangle --policy PREROUTING DROP
$IPT -t nat --policy PREROUTING DROP
AYJ
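
Added example (not part of the original thread or any poster's code): a shell check that reads `iptables-save` output and flags built-in chains whose policy is DROP in any table other than filter, which is the misconfiguration discussed above. The sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit iptables-save output for DROP policies outside the filter table.

# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
cat <<'EOF'
*mangle
:PREROUTING DROP [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING DROP [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints "table chain" for every
# chain whose policy is DROP in a table other than filter.
find_misplaced_drop() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*mangle" starts a table
        /^:/  {                                 # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "DROP" && table != "filter") print table, chain
        }
    '
}

# Prints the commands that reset each flagged policy to ACCEPT, leaving
# the default-deny in the filter table only.
suggest_fix() {
    find_misplaced_drop | while read -r table chain; do
        echo "iptables -t $table --policy $chain ACCEPT"
    done
}

sample_ruleset | suggest_fix
```

On a live host the same check runs as `iptables-save | find_misplaced_drop` with root privileges.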