iptables leaking blocked ip addresses.
jengelh at linux01.gwdg.de
Mon Jun 20 20:50:42 CEST 2005
>Yikes, this is very long. First, I see that you're doing all your
>filtering in nat, PREROUTING and POSTROUTING. Why? I prefer to do
>filtering in the filter table as $DEITY intended. :)
Yeah I would wonder too; esp. because they are in OUTPUT, not in
I'd recommend a -P DROP anyway and build up -j ACCEPTs from there.
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de
More information about the netfilter