[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cleaning up my firewall script...



Hi Pieter,

Pieter Smit wrote:
Hi Bjoern,

I remember reading that in iptables the INPUT chain is not used when

thats right.

packets are forwarded, only the FORWARD chain, try adding

    iptables -A FORWARD -j SHRED

In fact this line does exist in the function finish_rules(), i removed it for readibility on this list. The problem is that the finish rule
is definded as "catchall" rule which makes all chain _policy_ rules
impossible to be used, but the INPUT chain policy rule dropped some
packets AFTER an uptime of at least 10 minutes.
The INPUT chain IS used because the dropped packets were
dropped by the INPUT chain _policy_, not by the FORWARD chain policy.


Regards,
Pieter Smit
On 2004.02.09 02:12, Bjoern Schmidt wrote:

Richard Verwayen wrote:

finish_rules()
{
        iptables -N SHRED
        iptables -A INPUT   -j SHRED
        iptables -A SHRED   -j ULOG
        iptables -A SHRED   -j DROP
}

This rule should match on all packets so that the chain
policy will never be used, but it does not work correctly.
Where is the mistake?


--
Greetings
Bjoern Schmidt



--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists. debian.org





--
Greetings
Bjoern Schmidt




Reply to: