Re: cleaning up my firewall script...
Pieter Smit wrote:
I remember reading that in iptables the INPUT chain is not used when
packets are forwarded, only the FORWARD chain, try adding
iptables -A FORWARD -j SHRED
In fact this line does exist in the function finish_rules(), i removed
it for readibility on this list. The problem is that the finish rule
is definded as "catchall" rule which makes all chain _policy_ rules
impossible to be used, but the INPUT chain policy rule dropped some
packets AFTER an uptime of at least 10 minutes.
The INPUT chain IS used because the dropped packets were
dropped by the INPUT chain _policy_, not by the FORWARD chain policy.
On 2004.02.09 02:12, Bjoern Schmidt wrote:
Richard Verwayen wrote:
iptables -N SHRED
iptables -A INPUT -j SHRED
iptables -A SHRED -j ULOG
iptables -A SHRED -j DROP
This rule should match on all packets so that the chain
policy will never be used, but it does not work correctly.
Where is the mistake?
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.