NAT Deny shared object


PhilB
06-11-2001, 11:02 AM
Hi there, I run a firewall/NAT machine on kernel 2.4.5 and use iptables.

Only thing is, there is no lib_ipt_DENY.so file, which struck me as bizarre, but it's not there.

Can someone advise as to where to find this file, or email it to me.

P.barbier@online-bills.com

Thanks,

prince_kenshi
06-11-2001, 01:08 PM
You may have to recompile your kernel. I don't see why you would though unless you've already recompiled it and told it not to include the DENY target.

PhilB
06-13-2001, 12:06 PM
I found the answer is that iptables doesn't support DENY any more; it's now encouraged to -j DROP instead.

Thanks anyway,

Craig McPherson
06-13-2001, 02:25 PM
Yeah, it was changed to DROP because people had trouble remembering the difference between "DENY" and "REJECT". With "DROP" and "REJECT", it's easy to remember which is which -- DROP is the one that DROPs the packet.

Some other things were changed for iptables. The most noticeable is the addition of the NAT stuff directly into the firewall, which also introduces the PREROUTING and POSTROUTING tables. So now you have INPUT, OUTPUT, FORWARD, PREROUTING, and POSTROUTING, and the behavior of INPUT, OUTPUT, and FORWARD has changed drastically.