DROP

Stephen J. McCracken smccracken at hcjb.org.ec
Fri Apr 22 15:54:05 CEST 2005


Jason Opperisano wrote:
> On Mon, Apr 18, 2005 at 07:37:22AM +0200, Brent Clark wrote:

>>I was wondering, if was adviseable to set the default policy for tables 
>>nat and mangle to DROP.
> 
> no.  *all* packets traverse the filter chains--do your filtering
> there.

Just to better understand, don't all packets also pass the mangle table 
and only the first packet of a connection the nat table?

Thanks for your enlightenment...

sjm



More information about the netfilter mailing list