At 4/10/01 02:38 PM +0200, you wrote:
>ipchains -P input DENY
>ipchains -P output DENY
>ipchains -P forward DENY
>
>This flushes the chains and sets the default to DENY all. After that I add
>my normal rules to ALLOW only what I want. If ipchains works on a first-match
>system, why do I still get traffic to my box?

ipchains -P sets the chain's *policy* to DENY. The policy is what happens 
when a packet goes through an entire chain and none of the rules match. So 
you have ALLOW rules, and then if none of those match, the default policy 
of DENY is executed.

It's working as it's supposed to.


--
Rodolfo J. Paiz
[EMAIL PROTECTED]



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
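
The behaviour described in the reply, as an added example that is not part of the original message: a small Python model of first-match chain evaluation, in which the policy decides only when no rule matches. The `Rule` and `Chain` classes, the ports and the sample packets are constructed for illustration and are not ipchains' own code.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    target: str                    # "ACCEPT" or "DENY"
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))


@dataclass
class Chain:
    policy: str = "ACCEPT"
    rules: List[Rule] = field(default_factory=list)

    def set_policy(self, target: str) -> None:
        # Models `ipchains -P`: only the fallback changes, rules stay in place.
        self.policy = target

    def flush(self) -> None:
        # Models `ipchains -F`: removes the rules, leaves the policy alone.
        self.rules.clear()

    def verdict(self, pkt: dict) -> Tuple[str, str]:
        # First match wins; the policy is consulted only if nothing matched.
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, f"rule {number}"
        return self.policy, "policy"


def build_input_chain() -> Chain:
    # Constructed rule set: allow SSH and HTTP, deny everything else by policy.
    chain = Chain(rules=[Rule("ACCEPT", "tcp", 22), Rule("ACCEPT", "tcp", 80)])
    chain.set_policy("DENY")
    return chain


if __name__ == "__main__":
    chain = build_input_chain()
    for pkt in ({"proto": "tcp", "dport": 22}, {"proto": "tcp", "dport": 23},
                {"proto": "udp", "dport": 53}):
        print(pkt, "->", chain.verdict(pkt))
```

Traffic that still reaches the host under a DENY policy is traffic that some rule earlier in the chain accepted; listing the chain shows which rule that is.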
