iptables leaking blocked ip addresses.
Jan Engelhardt
jengelh at linux01.gwdg.de
Mon Jun 20 20:50:42 CEST 2005
>> http://204.238.34.206/iptables-save-20jun2005.txt
>
>Yikes, this is very long. First, I see that you're doing all your
>filtering in nat, PREROUTING and POSTROUTING. Why? I prefer to do
>filtering in the filter table as $DEITY intended. :)
Yeah I would wonder too; esp. because they are in OUTPUT, not in
PRE/POSTROUTING.
I'd recommend a -P DROP anyway and build up -j ACCEPTs from there.
Jan Engelhardt
--
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de
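
Added example, not part of the original mail: a small audit of an iptables-save dump for the two points raised in the thread, namely DROP/REJECT rules placed outside the filter table and built-in filter chains whose policy is still ACCEPT. The dump linked above is not reproduced on this page, so SAMPLE below is constructed (documentation-range address, made-up chain name), and audit() is a hypothetical helper name.

```python
# Added example: audit iptables-save output. SAMPLE is a constructed dump.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.0.2.10 -j DROP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:blocklist - [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""

FILTER_VERDICTS = {"DROP", "REJECT"}


def audit(dump):
    """Return (finding, table, chain) tuples in the order they appear."""
    findings = []
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header, e.g. "*nat"
            table = line[1:]
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            # User-defined chains show "-" as policy and are not flagged.
            if table == "filter" and policy == "ACCEPT":
                findings.append(("accept-policy", table, chain))
        elif line.startswith("-A "):        # "-A CHAIN ... -j TARGET"
            tok = line.split()
            target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
            # The nat table is consulted only for the first packet of a
            # connection, so a DROP placed there is not a reliable block.
            if table != "filter" and target in FILTER_VERDICTS:
                findings.append(("filtering-outside-filter", table, tok[1]))
    return findings


if __name__ == "__main__":
    for kind, table, chain in audit(SAMPLE):
        print(f"{kind}: table={table} chain={chain}")
```
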