On 4 Jul 2005, KC wrote:
[...]
> *nat
> :PREROUTING DROP [0:0]
> :POSTROUTING DROP [0:0]
> :OUTPUT DROP [0:0]
> COMMIT
I thought that using a policy of DROP in the nat tables would result in
anything that wasn't NAT-ed being prevented from passing through by
iptables.
I can't find any documentation one way or the other, though, and don't
want to test on my live systems. Maybe you can try varying that?
Daniel
--
I never watch television because it's an ugly piece of furniture, gives off a
hideous light, and, besides, I'm against free entertainment.
-- John Waters