On Tue, Oct 20, 2015 at 02:37:46PM +0200, giorgio.nicole@xxxxxxxx wrote:
> Hi,
>
> thanks for your answer,
>
> your answer to the first question confirms what I already supposed,
> my workaround is now to add a last 'drop' rule to the input table
> instead of changing the table policy:
>
> add rule inet filter input drop
>
> instead of
>
> add chain inet filter input { policy drop; }

You also can specify the policy by the time you create the basechain in
one go:

add table inet filter
add chain inet filter input { type filter hook input priority 0; policy drop; }
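
Added example, not part of the original thread: a small Python audit that reads text in the layout printed by `nft list ruleset` and reports, for each base chain, whether unmatched packets are dropped by the chain policy (the form given in the reply), dropped by a trailing `drop` rule (the workaround in the quoted message), or accepted by default. The sample ruleset, the name `audit_base_chains` and the simplified line-based parsing are assumptions made for this example.

```python
import re

# Constructed sample in the layout printed by `nft list ruleset` (not from the thread).
SAMPLE = """\
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        drop
    }
    chain output {
        type filter hook output priority 0; policy accept;
        oifname "lo" accept
    }
    chain helper {
        tcp dport 22 accept
    }
}
"""

TABLE_RE = re.compile(r"^table\s+(\S+)\s+(\S+)\s*\{$")
CHAIN_RE = re.compile(r"^chain\s+(\S+)\s*\{$")
# Only base chains carry a "type ... hook ...; policy ...;" line.
HOOK_RE = re.compile(r"\bhook\b.*\bpolicy\s+(accept|drop)\s*;")

def audit_base_chains(ruleset):
    """Map 'family table chain' to how packets matching no rule are handled."""
    verdicts = {}
    table = chain = policy = last_rule = None
    for raw in ruleset.splitlines():
        line = raw.strip()
        if m := TABLE_RE.match(line):
            table = f"{m.group(1)} {m.group(2)}"
        elif m := CHAIN_RE.match(line):
            chain, policy, last_rule = m.group(1), None, None
        elif chain and (m := HOOK_RE.search(line)):
            policy = m.group(1)
        elif line == "}" and chain:  # end of chain; regular chains have no policy
            if policy == "drop":
                verdicts[f"{table} {chain}"] = "policy drop"
            elif policy == "accept":
                verdicts[f"{table} {chain}"] = "trailing drop rule" if last_rule == "drop" else "default accept"
            chain = None
        elif chain and line:
            last_rule = line  # remember the final rule seen in this chain
    return verdicts
```

Only a bare `drop` as the final rule counts as the workaround here; a final rule with extra statements such as a counter is reported as default accept.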