On Tue, 08 Apr 2003 at 03:17:18PM -0700, Kevin Buhr wrote:
>
> Also note that the mangle PREROUTING chain is run on all incoming
> packets before any other chain, so:
>
>     iptables -t mangle -I PREROUTING -s badbox.evil -j DROP
>
> should drop all packets from "badbox.evil" before any other rule is
> checked. Do some testing before taking my word on it, though.

Just a quick security point. A better policy is blocking everything and
explicitly allowing what you authorize. All my tables and all my chains in
those tables have a default policy of DROP.

Regards,
--
Phil
PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #2: Solar flares
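
An added example, not part of the original messages: one way to apply the default-DROP approach described in the reply, as a shell function that prints a filter-table ruleset in iptables-restore format so the policies and the allow rules load in one step. The function names and the ports 22 and 443 are assumptions chosen for illustration, and the sketch covers only the filter table.

```shell
#!/bin/sh
# Added example: default-deny filter table in iptables-restore format.
# Function names and sample ports are assumptions, not from the thread.

# valid_port: succeed only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# emit_ruleset PORT...: print the ruleset on stdout. If any port is
# invalid, print nothing on stdout and return 1, so a bad argument
# never produces a partial ruleset.
emit_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    # Default policy on every built-in chain: unmatched packets are dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Explicit allows: loopback, and packets of flows already accepted.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One rule per authorized inbound TCP service.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Typical use (requires root, so it is not run here):
#   emit_ruleset 22 443 | iptables-restore --test   # parse only, no commit
#   emit_ruleset 22 443 | iptables-restore
```

Because OUTPUT is also DROP and only replies are allowed out, the host cannot open new outbound connections until a matching OUTPUT rule is added.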