From: Gáspár Lajos
Subject: Re: Default deny rule
Date: Mon, 21 May 2007 18:03:58 +0200
Message-ID: <4651C2EE.2080803@freemail.hu>
References: <464440C4.7000605@freemail.hu> <4648570D.4040308@freemail.hu>
Sender: netfilter-bounces@lists.netfilter.org
To: Gopinath
Cc: Netfilter IPtableMailinglist

Hi,

Gopinath wrote:
> Hi,
>
> My objective is to replace my existing firewall with a Linux firewall.
> We have point to point connectivity through VSAT with one of our
> customers. The only major thing which the firewall needs to do is STATIC
> NAT. As you may see, since this is a point to point connectivity, all the
> IPs employed are private IPs. While checking the f/w in simulation
> mode, things were working fine (except default denying). I already
> tried to achieve DEFAULT DENY by changing the default behaviour of the
> FORWARD policy to DROP by issuing the command "iptables -P FORWARD
> DROP". But when I do this all the traffic was getting dropped. So

If EVERYTHING is dropped, then your rules do not get hit by the traffic.
(Your rules are wrong.)
Try to capture the traffic. Maybe you can find the problem.

> again I tried by appending a policy in the forward chain (last rule) to

(policy is always the last rule... :D )

> drop all the packets by default. But even this didn't work out. Hope
> you can understand my requirement & how I do the NATting from my
> previous mail.
>
> Even though I have worked a bit with iptables before, I am a beginner
> in building a linux firewall with iptables :-)
>
> Cheers :)
> Gopinath.U

Swifty
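The rule set the thread is circling around, as an added example that is not code from either poster: a FORWARD chain with a DROP policy that still carries the static-NAT traffic of a point-to-point link. The interface names, the two addresses and the IPT variable are assumed placeholders. The detail that usually bites here is that FORWARD evaluates packets after PREROUTING DNAT has rewritten the destination, so an ACCEPT rule written against the public address never matches and the DROP policy eats everything; the LOG rule at the end gives the same diagnostic the reply suggests (see what is being dropped) without a packet capture.

```sh
#!/bin/sh
# Added example, not code from the thread. Default-deny FORWARD chain that still
# carries the static-NAT traffic of a point-to-point link. Interface names,
# addresses and the IPT variable are assumed placeholders; adjust before use.

WAN_IF="${WAN_IF:-eth0}"                     # assumed: interface on the VSAT link
LAN_IF="${LAN_IF:-eth1}"                     # assumed: interface towards the internal host
PUBLIC_IP="${PUBLIC_IP:-10.10.10.5}"         # assumed: address the customer sees (private, as in the thread)
INTERNAL_IP="${INTERNAL_IP:-192.168.1.5}"    # assumed: real address of the internal host

# IPT is the command that receives each rule. "echo iptables" only prints the
# commands (dry run); IPT=iptables applies them for real.
IPT="${IPT:-echo iptables}"

firewall_rules() {
    # Flush the chains this script manages so it can be re-run.
    $IPT -t nat -F
    $IPT -F FORWARD

    # Default deny on the forwarding path (the "iptables -P FORWARD DROP" from the thread).
    $IPT -P FORWARD DROP

    # Static 1:1 NAT: DNAT rewrites the destination before routing (PREROUTING),
    # SNAT rewrites the source after routing (POSTROUTING).
    $IPT -t nat -A PREROUTING  -i "$WAN_IF" -d "$PUBLIC_IP"   -j DNAT --to-destination "$INTERNAL_IP"
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$INTERNAL_IP" -j SNAT --to-source "$PUBLIC_IP"

    # FORWARD sees packets after DNAT, so match the internal address, not the public one.
    # Without explicit ACCEPTs the DROP policy drops everything, which is what the poster saw.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$INTERNAL_IP" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$INTERNAL_IP" -j ACCEPT

    # Anything reaching this point falls through to the DROP policy; log it (rate
    # limited) so "everything is dropped" can be diagnosed from the kernel log.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Print the rule set without touching the kernel.
rules_dry_run() {
    ( IPT="echo iptables"; firewall_rules )
}

# Number of explicit ACCEPT rules in FORWARD; a default-deny chain needs at least one.
count_forward_accepts() {
    rules_dry_run | grep -c -- '-A FORWARD .* -j ACCEPT'
}

main() {
    if [ "${1:-}" = "--apply" ]; then
        IPT=iptables
        firewall_rules
    else
        rules_dry_run
    fi
}

main "$@"
```

Run without arguments to print the rules it would install; run as root with `--apply` to load them. Dropped forwards then show up in the kernel log with the `FWD-DROP:` prefix, which is the quickest way to see which address or interface the ACCEPT rules are failing to match.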