DROP

Brent Clark bclark at eccotours.dyndns.org
Mon Apr 18 07:37:22 CEST 2005


Hi all

I was wondering if it was advisable to set the default policy for tables
nat and mangle to DROP.
Currently in my ruleset I have it as so.

$IPT -t nat --policy PREROUTING ACCEPT
$IPT -t nat --policy OUTPUT ACCEPT
$IPT -t nat --policy POSTROUTING ACCEPT
$IPT -t mangle --policy PREROUTING ACCEPT
$IPT -t mangle --policy POSTROUTING ACCEPT

The default policy I have as so:
$IPT --policy INPUT DROP        #Setting the default policy for INPUT chain
$IPT --policy FORWARD DROP      #Setting the default policy for FORWARD chain
$IPT --policy OUTPUT DROP       #Setting the default policy for the OUTPUT chain

So do I need to go the extra mile and set the default policy for
tables nat and mangle to DROP?

Just something I was thinking.

Kind Regards
Brent Clark


