Default DROP policy for mangle and nat in iptables necessary/wise?
Christian Seberino
seberino@spawar.navy.mil
Mon, 24 Jun 2002 16:36:50 -0700
Ed

I don't have any "-t mangle" rules. Do you agree
that if I make default DROP policy for mangle table
that nothing will get thru???

The reason you can do:

> "$IPTABLES" -t nat -P PREROUTING DROP
> "$IPTABLES" -t nat -P POSTROUTING DROP

is because you have NAT rules that can get thru right?

Chris

>
>
> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org] On Behalf Of Christian Seberino
> Sent: Monday, June 24, 2002 2:45 PM
> To: netfilter@lists.samba.org
> Subject: Default DROP policy for mangle and nat in iptables
> necessary/wise?
>
> Linux Firewalls book assigns a default drop policy
> to mangle and nat tables.
>
> I could not get DROP policy to work on these
> tables and I am skeptical this serves any useful
> purpose anyway since packets must all traverse
> filter table anyway.
>
> Is the author of Linux Firewalls on drugs or is
> this really useful somehow?? (assuming you can
> get it to work)
>
> Chris
>
> --
> _______________________________________
>
> Dr. Christian Seberino
> SPAWAR Systems Center San Diego
> Code 2363
> 53560 Hull Street
> San Diego, CA 92152-5001
> U.S.A.
>
> Phone: (619) 553-7940
> Fax: (619) 553-2836
> Email: seberino@spawar.navy.mil
> _______________________________________
>
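
Added example, not part of the original post: a shell check for the case asked about above, a mangle or nat chain with policy DROP and no rules, where every packet traversing that chain reaches the policy. The function names and the sample ruleset are constructed for illustration; the input is `iptables-save` format on stdin.

```shell
# Added example (not from the thread): list mangle/nat chains whose default
# policy is DROP, with the number of rules each chain holds.
# audit_drop_policies (hypothetical name) reads iptables-save text on stdin
# and prints "<table> <chain> rules=<n>" per flagged chain. rules=0 means
# every packet traversing that chain reaches the DROP policy.
audit_drop_policies() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*mangle" opens a table
        /^:/  {                                  # ":CHAIN POLICY [pkts:bytes]"
            if ((table == "mangle" || table == "nat") && $2 == "DROP") {
                key = table " " substr($1, 2)
                order[++n] = key
                rules[key] = 0
            }
            next
        }
        /^-A / {                                 # "-A CHAIN <match> -j TARGET"
            key = table " " $2
            if (key in rules) rules[key]++
        }
        END {
            for (i = 1; i <= n; i++)
                print order[i], "rules=" rules[order[i]]
        }
    '
}

# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
*mangle
:PREROUTING DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING DROP [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
COMMIT
EOF
}

sample_ruleset | audit_drop_policies
```

On a live host the same function can be fed with `iptables-save | audit_drop_policies`; the filter table is deliberately not reported, since a DROP policy there is the usual place for default deny.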