Timeline for Why can't I use the REJECT policy on my iptables OUTPUT chain?
Current License: CC BY-SA 3.0
5 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Aug 22, 2012 at 9:22 | comment | added | Aaron D. Marasco | | I don't think you would want the ethX interface to generate traffic on the lo interface for many reasons. They are very independent; you can easily make chains apply to one and not the other. |
| Aug 22, 2012 at 2:55 | comment | added | ND Geek | | Couldn't the REJECT ICMP packet return on the lo interface? I agree that a LOG is useful for troubleshooting, but what I was really hoping for is a way to remind me that "Oh, yeah...that's probably being blocked by my DROP iptables default" instead of troubleshoots for 5 minutes asks co-worker to access XYZ server realizes it's probably local, which is my most common approach, since my typical workday rarely hits things I haven't opened a hole for already. Of course maybe I need to keep that in mind better, but a flat REJECT is more obvious. |
| Aug 22, 2012 at 2:25 | history | rollback | Aaron D. Marasco | | Rollback to Revision 1 |
| Aug 22, 2012 at 2:12 | history | edited | LawrenceC | CC BY-SA 3.0 | added 5 characters in body |
| Aug 21, 2012 at 21:50 | history | answered | Aaron D. Marasco | CC BY-SA 3.0 | |