Re: Firewall-troubleshooting

To: debian-security@lists.debian.org
Cc: debian-firewall@lists.debian.org
Subject: Re: Firewall-troubleshooting
From: Daniel Pittman <daniel@rimspace.net>
Date: Mon, 04 Jul 2005 14:17:14 +1000
Message-id: <[🔎] 87slyvmchh.fsf@enki.rimspace.net>
References: <[🔎] 42C6FD25.20507@gmail.com> <[🔎] 87irzssnzi.fsf@enki.rimspace.net> <[🔎] 42C744B3.3090804@gmail.com> <[🔎] 87y88or3jd.fsf@enki.rimspace.net> <[🔎] op.stbya2s8c5hyd6@clojster.org> <[🔎] 87zmt4p4ry.fsf@enki.rimspace.net> <[🔎] da9l34$2k4$1@sea.gmane.org> <[🔎] 42C8AE90.4070708@gmail.com>

On 4 Jul 2005, KC wrote:

[...]

> *nat
> :PREROUTING DROP [0:0]
> :POSTROUTING DROP [0:0]
> :OUTPUT DROP [0:0]
> COMMIT

I thought that using a policy of DROP in the nat tables would result in
anything that wasn't NAT-ed being prevented from passing through by
iptables.

I can't find any documentation one way or the other, though, and don't
want to test on my live systems.  Maybe you can try varying that?

	Daniel

-- 
I never watch television because it's an ugly piece of furniture, gives off a
hideous light, and, besides, I'm against free entertainment.
        -- John Waters

Reply to:

References:
- Firewall-troubleshooting
  - From: KC <sedebian@gmail.com>
- Re: Firewall-troubleshooting
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Firewall-troubleshooting
  - From: KC <sedebian@gmail.com>
- Re: Firewall-troubleshooting
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Firewall-troubleshooting
  - From: "Jakub Sporek" <y-e-d@seznam.cz>
- Re: Firewall-troubleshooting
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Firewall-troubleshooting
  - From: Paul Gear <paul@gear.dyndns.org>
- Re: Firewall-troubleshooting
  - From: KC <sedebian@gmail.com>

Prev by Date: Re: Firewall-troubleshooting
Next by Date: Re: Firewall-troubleshooting
Previous by thread: Re: Firewall-troubleshooting
Next by thread: Re: Firewall-troubleshooting
Index(es):
- Date
- Thread