Re: services for predetermined IP addresses

On Fri, Oct 15, 2004 at 01:14:13PM -0700, kate wrote:
> so the drop-all would be..?
> 
> iptables -A INPUT -p TCP -i eth0 -s 0/0 -j DROP
> 
> or did I just invent my own thing here?
> tia
> Kate

well--the standard way would be to set the policy of the built-in chain
to DROP; i.e.,

  iptables -P INPUT DROP

the same can be achieved by making the last rule in the chain a drop
rule, like

  iptables -A INPUT -j DROP

but that gets messy if you want to append rules "on the fly" so the
policy method is preferred.

-j

-- 
Jason Opperisano <opie@xxxxxxxxxxx>
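
An added example, not part of the original post: a check for the situation described above, where a rule appended after a catch-all DROP rule can never match. It reads rules in `iptables -S INPUT` format; the two sample rulesets and their addresses are constructed, and `input_policy` and `shadowed_rules` are hypothetical helper names.

```sh
#!/bin/sh
# Audit an INPUT chain dump (text in `iptables -S INPUT` format on stdin).

# Print the chain policy, e.g. ACCEPT or DROP.
input_policy() {
    awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# Print every INPUT rule that follows an unconditional "-A INPUT -j DROP".
# Rules are evaluated first-match, so anything listed here is unreachable.
shadowed_rules() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            if (seen_drop) {
                print
            } else if (NF == 4 && $3 == "-j" && $4 == "DROP") {
                # No match options at all: this rule catches every packet.
                seen_drop = 1
            }
        }
    '
}

# Constructed sample: trailing DROP rule, then a rule appended "on the fly".
TRAILING_DROP='-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 192.0.2.20/32 -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed sample: the same two ACCEPT rules under a DROP policy.
POLICY_DROP='-P INPUT DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.20/32 -p tcp -m tcp --dport 80 -j ACCEPT'

for name in TRAILING_DROP POLICY_DROP; do
    eval "rules=\$$name"
    echo "== $name (policy: $(printf '%s\n' "$rules" | input_policy)) =="
    printf '%s\n' "$rules" | shadowed_rules | sed 's/^/unreachable: /'
done
```

On a live host the same functions can be fed from `iptables -S INPUT` instead of the embedded samples.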

