Por que a política DROP do ip6tables perde pacotes?

0

Eu tenho regras de ip6tables como esta:

root@admin:~# cat /etc/iptables/rules.v6
*filter
:INPUT DROP [10954:4558559]
:FORWARD DROP [0:0]
:OUTPUT DROP [42631:2058968]
COMMIT
*nat
:PREROUTING ACCEPT [10945:4557911]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [365:29228]
:POSTROUTING ACCEPT [0:0]
COMMIT

Mas se eu digitar ip6tables -nvL eu vejo isto:

root@admin:~# ip6tables -nvL
Chain INPUT (policy DROP 138K packets, 53M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 240K packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination

Por que, mesmo se eu bloquear todos os pacotes de tráfego do ipv6, eles ainda serão processados?

    
por Dan 15.06.2018 / 00:49

0 respostas