@jimmyz wrote:
Well…if I were an expert or even power user of iptables and the network filtering used in the latest linux kernels I would give you better answers. I think that when you are using NAT it makes a difference.
From the article I pointed to and my own experimentation, INPUT to ppp0 includes all traffic coming from the internet. This is why default rule of input drop is needed to get a stealth passed result on the shields up test. This interface is also NAT enabled.
An example of forwarding I know of is where you want to block clients on the lan from communicating to other DNS servers on udp port 53, so you add a rule to drop those matching packets on the forward chain.
Sorry I cannot give you more definitive answers / references.
Hi, you certainly don’t need to apologise for your comments, I appreciate your thoughts/dialogue.
I’ve been testing with ShieldsUp too and it seems from the basic testing that I’ve done that the Input chain does indeed effect more that just traffic originating from anywhere (LAN/Internet) and terminating on ZS itself, so it looks like my understanding is flawed 😳
I think I need to do some Googling on IP Chains etc and do some more testing. If/when I come to any conclusions I’ll repost.
Thanks for your thoughts, again.