DROP

Jason Opperisano opie at 817west.com
Mon Apr 18 15:35:42 CEST 2005


On Mon, Apr 18, 2005 at 07:37:22AM +0200, Brent Clark wrote:
> Hi all
> 
> I was wondering if it was advisable to set the default policy for tables 
> nat and mangle to DROP.

no.  *all* packets traverse the filter chains--do your filtering
there.

this question seems to come up every so often, and the idea is
absolutely indefensible, IMHO.

-j

--
"Tom Tucker: And now time for the Ollie weather report.
 Ollie: It's gonna rain.
 Tom Tucker: Thanks Ollie."
        --Family Guy
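
An added example, not part of the original post: a shell check over `iptables-save` output that flags built-in nat or mangle chains whose policy is not ACCEPT, in line with the advice above to do filtering in the filter table. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: two misplaced DROP policies
# (nat/POSTROUTING, mangle/PREROUTING), one user-defined chain, and a
# filter table that carries the real default-deny.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING DROP [0:0]
:INPUT ACCEPT [0:0]
:MARKING - [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin. Prints one line per built-in
# nat/mangle chain whose policy is not ACCEPT; exits 1 if any were found.
audit_policies() {
    awk '
        BEGIN { bad = 0 }
        /^\*/ { table = substr($1, 2); next }      # "*nat" starts a table
        /^:/ {                                     # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2); policy = $2
            if (policy == "-") next                # user-defined chain, no policy
            if ((table == "nat" || table == "mangle") && policy != "ACCEPT") {
                printf "%s/%s policy=%s: set to ACCEPT and filter in the filter table\n", table, chain, policy
                bad = 1
            }
        }
        END { exit bad }
    '
}

# On a live host (as root): iptables-save | audit_policies
sample_ruleset | audit_policies || echo "non-ACCEPT policy found in nat/mangle"
```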


