Iptables & Default policy of Reject

10/09/2007, 23h00

Hi

I am just going through my firewall setup and I notice I can no longer
do iptables -P INPUT REJECT

when did this happen ? I could have sworn that is what I used to use as
a default, yes I know I can drop and add a -A -j REJECT

amd64 lenny
iptables -V
iptables v1.3.8
uname -r
2.6.20-1-amd64

iptables -P INPUT REJECT
iptables: Bad policy name

but I can do a iptables -A INPUT -j REJECT

strange

Alex
ps sorry if this a double post I did not see my previous email make it to the
list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG5b04kZz88chpJ2MRApUnAJ9Ret/gtkqIhtgIJ692Reh0JDyRXwCfe9CO
y0jrj+3gLpE6OD8tNB1RHU0=
=pfF9
-----END PGP SIGNATURE-----

10/09/2007, 23h10

On 9/10/07, Alex Samad <alex@samad.com.au> wrote:
> Hi
>
> I am just going through my firewall setup and I notice I can no longer
> do iptables -P INPUT REJECT

iptables -P INPUT DROP

I use DROP. I guess it is not a good idea to send ICMP packets back
by default (But I don't know if it can be done).

Anyway, here is the result of my test:

fugue:~# iptables -P INPUT REJECT
iptables: Bad policy name
fugue:~# iptables -P INPUT DROP
fugue:~# uname -a
Linux fugue 2.6.22-1-686

Regards,
N.-

--
http://arhuaco.org

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

11/09/2007, 02h30

On 09/10/2007 04:55 PM, Alex Samad wrote:
> Hi
>
> I am just going through my firewall setup and I notice I can no longer
> do iptables -P INPUT REJECT
>
> when did this happen ? I could have sworn that is what I used to use as
> a default, yes I know I can drop and add a -A -j REJECT
>
>
> amd64 lenny
> iptables -V
> iptables v1.3.8
> uname -r
> 2.6.20-1-amd64
>
> iptables -P INPUT REJECT
> iptables: Bad policy name
>
> but I can do a iptables -A INPUT -j REJECT
>
> strange
>
>
> Alex
> ps sorry if this a double post I did not see my previous email make it to the
> list

Your previous e-mail was seen by me.

No, I don't remember ever being able to specify a REJECT policy for the
INPUT chain.

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

10/09/2007, 23h00	#1
Alex Samad Messages: n/a Hébergeur:	Iptables & Default policy of Reject Hi I am just going through my firewall setup and I notice I can no longer do iptables -P INPUT REJECT when did this happen ? I could have sworn that is what I used to use as a default, yes I know I can drop and add a -A -j REJECT amd64 lenny iptables -V iptables v1.3.8 uname -r 2.6.20-1-amd64 iptables -P INPUT REJECT iptables: Bad policy name but I can do a iptables -A INPUT -j REJECT strange Alex ps sorry if this a double post I did not see my previous email make it to the list -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG5b04kZz88chpJ2MRApUnAJ9Ret/gtkqIhtgIJ692Reh0JDyRXwCfe9CO y0jrj+3gLpE6OD8tNB1RHU0= =pfF9 -----END PGP SIGNATURE-----

10/09/2007, 23h10	#2
Nelson Castillo Messages: n/a Hébergeur:	Re: Iptables & Default policy of Reject On 9/10/07, Alex Samad <alex@samad.com.au> wrote: > Hi > > I am just going through my firewall setup and I notice I can no longer > do iptables -P INPUT REJECT iptables -P INPUT DROP I use DROP. I guess it is not a good idea to send ICMP packets back by default (But I don't know if it can be done). Anyway, here is the result of my test: fugue:~# iptables -P INPUT REJECT iptables: Bad policy name fugue:~# iptables -P INPUT DROP fugue:~# uname -a Linux fugue 2.6.22-1-686 Regards, N.- -- http://arhuaco.org -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

11/09/2007, 02h30	#3
Mumia W.. Messages: n/a Hébergeur:	Re: Iptables & Default policy of Reject On 09/10/2007 04:55 PM, Alex Samad wrote: > Hi > > I am just going through my firewall setup and I notice I can no longer > do iptables -P INPUT REJECT > > when did this happen ? I could have sworn that is what I used to use as > a default, yes I know I can drop and add a -A -j REJECT > > > amd64 lenny > iptables -V > iptables v1.3.8 > uname -r > 2.6.20-1-amd64 > > iptables -P INPUT REJECT > iptables: Bad policy name > > but I can do a iptables -A INPUT -j REJECT > > strange > > > Alex > ps sorry if this a double post I did not see my previous email make it to the > list Your previous e-mail was seen by me. No, I don't remember ever being able to specify a REJECT policy for the INPUT chain. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email