by jcalvinowens 73 days ago
People saying "the FORWARD chain defaults to ACCEPT" are missing the deeper point: with the kconfig most distros use, the filtering code doesn't even exist at all until you load the kernel modules!

At the lowest level, it is impossible to have a default DROP for forwarding, because nftables is an optional piece of the kernel that often isn't loaded.

1 comments

Well, it's kind of possible to block it with routing tables+rules only, but you're right. This is also painful if iptables/nftables binaries are not installed.
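The situation both comments describe, as an added example (not code from either commenter): a small POSIX sh audit that says whether forwarding is on and whether any kernel filtering code is present to give FORWARD a policy at all, plus the iproute2 rules for the routing-only workaround the reply mentions. The file paths, module names and rule priority are the usual Linux ones and are my assumptions, not facts from the thread; the sample inputs are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. The checks take their input as text so
# they can be exercised against the constructed samples below; audit_live
# feeds them the real /proc and modules.builtin contents of this host.
# Assumed paths/module names: /proc/sys/net/ipv4/ip_forward, /proc/modules,
# /lib/modules/$(uname -r)/modules.builtin, nf_tables, iptable_filter.

# forwarding_on "<sysctl value>": success if net.ipv4.ip_forward is 1
forwarding_on() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# filter_code_present "<contents of /proc/modules>" "<contents of modules.builtin>"
# Success if nf_tables or the iptables filter table is loaded as a module or
# compiled in (=y builds never show up in /proc/modules, only in modules.builtin).
filter_code_present() {
    printf '%s\n' "$1" | grep -Eq '^(nf_tables|iptable_filter|ip6table_filter) ' && return 0
    printf '%s\n' "$2" | grep -Eq '/(nf_tables|iptable_filter|ip6table_filter)\.ko' && return 0
    return 1
}

# forward_verdict "<ip_forward>" "<modules>" "<builtin>" prints one of:
#   off        : forwarding disabled, nothing to police
#   unfiltered : forwarding on and no filtering code exists, so there is no
#                FORWARD chain to have a DROP policy (the first comment's point)
#   filtered   : forwarding on and filter code present, now check the policy
forward_verdict() {
    if ! forwarding_on "$1"; then echo off; return; fi
    if filter_code_present "$2" "$3"; then echo filtered; else echo unfiltered; fi
}

# routing_only_block IFACE prints (does not run) the iproute2 commands that
# drop forwarded traffic without netfilter. Packets for local addresses match
# the 'local' table at rule priority 0 first, and locally generated packets
# have iif lo, so a blackhole rule keyed on the ingress interface at a later
# priority only catches packets that would otherwise be forwarded.
# Assumption: one such rule per routed interface is needed.
routing_only_block() {
    printf 'ip rule add priority 1000 iif %s blackhole\n' "$1"
    printf 'ip -6 rule add priority 1000 iif %s blackhole\n' "$1"
}

# audit_live: the same verdict for the host this runs on
audit_live() {
    forward_verdict "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" \
        "$(cat /proc/modules 2>/dev/null)" \
        "$(cat "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null)"
}

# Constructed sample input: forwarding enabled, a typical module list with no
# netfilter code loaded, and a builtin list without it either.
SAMPLE_MODULES='ext4 1000000 2 - Live 0x0000000000000000
bridge 300000 0 - Live 0x0000000000000000
virtio_net 80000 0 - Live 0x0000000000000000'
SAMPLE_BUILTIN='kernel/fs/ext4/ext4.ko
kernel/net/ipv4/ip_tunnel.ko'

forward_verdict 1 "$SAMPLE_MODULES" "$SAMPLE_BUILTIN"   # unfiltered
routing_only_block eth0
```

On a real host run `audit_live`; a verdict of `unfiltered` means any "default DROP" you believe you have is not there, and the printed `ip rule` commands (run as root, on a test box first) are the netfilter-free fallback the reply refers to.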