[Techtalk] iptables question
Malcolm Tredinnick
malcolm at commsecure.com.au
Fri Aug 1 15:28:31 EST 2003
On Fri, 2003-08-01 at 15:15, Carla Schroder wrote:
> OK netfilter gurus, gather ye round:
>
> One of my gurus insists this is a valid iptables rule:
>
> iptables -t filter -P POSTROUTING DROP
>
> Well I don't think POSTROUTING belongs in the filter table, it belongs to the
> NAT table. What say ye?

I'm with you, Carla: if it works, it's purely by accident or due to a
bug. POSTROUTING is a built-in chain of the nat and mangle tables, but
not of the filter table (filter only has INPUT, OUTPUT and FORWARD).

It may be possible to add a chain called POSTROUTING to the filter table
(untested), but why would you?

Cheers,
Malcolm
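
The table/chain distinction discussed in this thread can be checked mechanically before a rule script is loaded. The following is an added example, not part of the original message: a small linter whose chain map follows the current iptables(8) man page, with a constructed sample script. The names `lint`, `BUILTIN` and `SAMPLE` are hypothetical, and it assumes a user-defined chain may reuse a built-in name from another table.

```python
import shlex

# Built-in chains per table, as listed in the current iptables(8) man page.
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}
CHAIN_OPTS = {"-P", "-A", "-I", "-N"}  # short options only, for brevity

# Constructed sample script; only the first rule comes from the thread.
SAMPLE = """\
iptables -t filter -P POSTROUTING DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -P FORWARD DROP
iptables -N POSTROUTING
iptables -A POSTROUTING -j ACCEPT
iptables -P POSTROUTING DROP
"""

def lint(script):
    """Return [(line_number, message)] for invalid table/chain combinations."""
    user = {t: set() for t in BUILTIN}  # chains created with -N so far
    problems = []
    for num, line in enumerate(script.splitlines(), 1):
        argv = shlex.split(line, comments=True)
        if not argv or argv[0] != "iptables":
            continue
        table, op, chain = "filter", None, None  # filter is the default table
        for i, arg in enumerate(argv[:-1]):
            if arg == "-t":
                table = argv[i + 1]
            elif arg in CHAIN_OPTS and op is None:
                op, chain = arg, argv[i + 1]
        if table not in BUILTIN:
            problems.append((num, f"table {table!r} is not modelled here"))
        elif op == "-N":
            if chain in BUILTIN[table] | user[table]:
                problems.append((num, f"{chain} already exists in {table}"))
            user[table].add(chain)
        elif op == "-P" and chain in user[table]:
            # Policies can only be set on built-in chains.
            problems.append((num, f"{chain} is user-defined: no policy allowed"))
        elif op and chain not in BUILTIN[table] | user[table]:
            problems.append((num, f"{chain} is not a chain of table {table}"))
    return problems

if __name__ == "__main__":
    for num, msg in lint(SAMPLE):
        print(f"line {num}: {msg}")
```
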