At 06:54 AM 5/4/00 +0500, you wrote:
>I've noticed something weird... on my linux box (which is a router amongst
>other things), if I block a port on the INPUT chain, it ends up being
>blocked on the forward chain too.
>
>For example, for the majority of users this box is supposed to be a simple
>gateway. So if I make the default input policy DENY I find that it stops
>forwarding packets completely.
>
>Yes, I am blocking the input chain specifically, not the forward chain.
>
>-Ahsan
>
Double check the IP chains documentation, but if I remember right, if you block
something on input, the packet never makes it to the forward rules.  I know
it works that way with masquerading.  Also, if you have it blocked on output,
it will not make it out of the box even if you are forwarding it.  Where
this comes in handy is a box with more than one interface - you can block
the input on one interface, but forward it if it comes in any of the other
interfaces.

Mikkel

--
    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
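
The traversal order described in the reply above, as a small Python model (an added example, not part of the original thread and not ipchains code). It reduces the path of a routed packet to input, forward, output; the interface names `eth0`/`eth1`, the port numbers and the helper names are constructed for illustration.

```python
# Simplified model of the ipchains (Linux 2.2) path for a routed packet:
# input chain -> forward chain -> output chain. A DENY anywhere stops it.
# Interface names and port numbers are constructed for illustration.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    target: str                     # "ACCEPT" or "DENY"
    iface: Optional[str] = None     # None matches any interface
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, iface, dport):
        return self.iface in (None, iface) and self.dport in (None, dport)

@dataclass
class Chain:
    policy: str = "ACCEPT"
    rules: list = field(default_factory=list)

    def verdict(self, iface, dport):
        for rule in self.rules:     # first matching rule wins
            if rule.matches(iface, dport):
                return rule.target
        return self.policy          # no rule matched: chain policy applies

def route(chains, in_iface, out_iface, dport):
    """Return (verdict, chains consulted) for a packet being forwarded."""
    consulted = []
    # input sees the arrival interface; forward and output see the exit one
    for name, iface in (("input", in_iface), ("forward", out_iface),
                        ("output", out_iface)):
        consulted.append(name)
        if chains[name].verdict(iface, dport) != "ACCEPT":
            return "DENY", consulted
    return "ACCEPT", consulted

def ruleset(input_policy="ACCEPT", input_rules=(), output_rules=()):
    """Hypothetical helper: build the three built-in chains."""
    return {"input": Chain(input_policy, list(input_rules)),
            "forward": Chain("ACCEPT"),
            "output": Chain("ACCEPT", list(output_rules))}

if __name__ == "__main__":
    gateway = ruleset(input_policy="DENY")      # default input policy DENY
    print(route(gateway, "eth0", "eth1", 80))   # stopped before forward
    split = ruleset(input_rules=[Rule("DENY", "eth0", 23)])
    print(route(split, "eth0", "eth1", 23))     # blocked arriving on eth0
    print(route(split, "eth1", "eth0", 23))     # forwarded arriving on eth1
```
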
