2010/1/11 Gary Smith <gary.smith@xxxxxxxxxxxxx>:
> I'm not really seeing the added value myself. I think it could have a negative benefit to many who use the chains and expect the default rule to be ACCEPT in order to fall through to the next rule.
>
> Or am I not seeing your bigger picture of how REJECT would affect the sub chains?

I think all the OP means is DROP is a valid policy target whereas REJECT isn't.

The big problem though is that DROP / ACCEPT as policy targets or jump targets require no options, whereas the REJECT target can take options to control the returned ICMP code, which with the current policy handler you couldn't specify.

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
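
The distinction drawn in the reply above, as an added example that is not part of the original message: a ruleset in iptables-restore format that keeps DROP as the chain policy and expresses reject behaviour as the final rules of the chain, where `--reject-with` options can be given. The interface, the allowed port and the choice of reject types are assumptions made for illustration.

```iptables
# Constructed ruleset for illustration; load with iptables-restore.
*filter
# A built-in chain's policy is a bare target with no options, so DROP
# (or ACCEPT) fits here. REJECT is not accepted as a policy, and there
# would be nowhere to pass --reject-with even if it were.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Normal accept rules (assumed: loopback, established flows, SSH).
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
# Reject-by-default is written as the last rules of the chain, because
# a rule's jump target can carry options that select the reply sent.
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
# Packets only reach the DROP policy if the rules above are flushed or
# fail to match, so the policy acts as a silent backstop.
COMMIT
```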