Re: cleaning up my firewall script...

[Bjoern Schmidt <bj-schmidt@uni-paderborn.de>]

Hi Pieter,

Pieter Smit wrote:
> Hi Bjoern,
>
> I remember reading that in iptables the INPUT chain is not used when  

thats right.

> packets are forwarded, only the FORWARD chain, try adding
>
>     iptables -A FORWARD -j SHRED

In fact this line does exist in the function finish_rules(), i removed 
it for readibility on this list. The problem is that the finish rule
is definded as "catchall" rule which makes all chain _policy_ rules
impossible to be used, but the INPUT chain policy rule dropped some
packets AFTER an uptime of at least 10 minutes.
The INPUT chain IS used because the dropped packets were
dropped by the INPUT chain _policy_, not by the FORWARD chain policy.

> Regards,
> Pieter Smit
> On 2004.02.09 02:12, Bjoern Schmidt wrote:
>
> > Richard Verwayen wrote:
> >
> > finish_rules()
> > {
> >         iptables -N SHRED
> >         iptables -A INPUT   -j SHRED
> >         iptables -A SHRED   -j ULOG
> >         iptables -A SHRED   -j DROP
> > }
> >
> > This rule should match on all packets so that the chain
> > policy will never be used, but it does not work correctly.
> > Where is the mistake?
> >
> >
> > --
> > Greetings
> > Bjoern Schmidt
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists. 
> > debian.org


--
Greetings
Bjoern Schmidt