DROP

Stephen J. McCracken sjmccracky at myrealbox.com
Fri Apr 22 16:34:28 CEST 2005


Jason Opperisano wrote:
> On Mon, Apr 18, 2005 at 07:37:22AM +0200, Brent Clark wrote:

>>I was wondering if it was advisable to set the default policy for tables 
>>nat and mangle to DROP.
> 
> no.  *all* packets traverse the filter chains--do your filtering
> there.

Just to better understand, don't all packets also pass the mangle table
and only the first packet of a connection the nat table?

Thanks for your enlightenment...

sjm



