efg output, best place to add input drop rules
by gobo7 from LinuxQuestions.org on (#52CCG)
i've been working with the output from the easy firewall generator.
My thanks to the developers of this tool.
but, i have some drop rules to add.
i.e.: $IPT -A INPUT -i eth0 -s 58.0.0.0/8 -j DROP
in my current experiments, they have been placed in the INPUT Chain
section, between drop bad packets (-A INPUT -p ALL -j bad_packets)
and the DOCSIS modem rules.
is this the best location? for no other processing other than to
discard this traffic.
thanks.
gobo
My thanks to the developers of this tool.
but, i have some drop rules to add.
i.e.: $IPT -A INPUT -i eth0 -s 58.0.0.0/8 -j DROP
in my current experiments, they have been placed in the INPUT Chain
section, between drop bad packets (-A INPUT -p ALL -j bad_packets)
and the DOCSIS modem rules.
is this the best location? for no other processing other than to
discard this traffic.
thanks.
gobo