From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tutov.roman@rostov.aston.ru>
Date: Wed, 31 Mar 2004 16:27:43 +0400
From: =?Windows-1251?B?0vPy7uIg0O7s4O0gwujq8u7w7uLo9w==?=
	<tutov.roman@rostov.aston.ru>
X-Mailer: The Bat! (v2.00.6) Business
Organization: ASTON
X-Priority: 3 (Normal)
Message-ID: <8614723390.20040331162743@rostov.aston.ru>
To: Community@altlinux.ru
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on aston.ru
X-Spam-Level: *
X-Spam-Status: No, hits=1.7 required=7.0 tests=BAYES_80 autolearn=no 
	version=2.63
Cc: 
Subject: [Comm] =?windows-1251?b?TWFzdGVyIDIuMiAo7+735ezzPyk=?=
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.1.4
Precedence: list
Reply-To: community@altlinux.ru
List-Id: Mailing list for ALT Linux users <community.altlinux.ru>
List-Unsubscribe: <http://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/community>
List-Post: <mailto:community@altlinux.ru>
List-Help: <mailto:community-request@altlinux.ru?subject=help>
List-Subscribe: <http://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2004 12:26:48 -0000
Archived-At: <http://lore.altlinux.org/community/8614723390.20040331162743@rostov.aston.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

Здравствуйте, Community.

Вопрос разработчикам
почему в скрипте /etc/rc.d/init.d/iptables
в нижеприведенном куске используется ACCEPT policy
ведь логичнее было бы сделав service network stop
получить deny по всем цепочкам .

____________________
stop() {
        chains=`cat /proc/net/ip_tables_names 2>/dev/null`
        for i in $chains; do iptables -t $i -F; done && \
                success $"Flushing all chains:" || \
                failure $"Flushing all chains:"
        for i in $chains; do iptables -t $i -X; done && \
                success $"Removing user defined chains:" || \
                failure $"Removing user defined chains:"
        echo -n $"Resetting built-in chains to the default ACCEPT policy:"
        iftable filter -P INPUT ACCEPT && \
           iftable filter -P OUTPUT ACCEPT && \
           iftable filter -P FORWARD ACCEPT && \
           iftable nat -P PREROUTING ACCEPT && \
           iftable nat -P POSTROUTING ACCEPT && \
           iftable nat -P OUTPUT ACCEPT && \
           iftable mangle -P PREROUTING ACCEPT && \
           iftable mangle -P OUTPUT ACCEPT && \
           success $"Resetting built-in chains to the default ACCEPT policy" || \
           failure $"Resetting built-in chains to the default ACCEPT policy"

        echo
        rm -f /var/lock/subsys/iptables
}
_____________________

-- 
Тутов Роман Викторович 
Системный администратор
ASTON Agro Industrial Company Group 
mailto:tutov@aston.ru