Comment 2 for bug 197322

hendrik (hendrik-patchworklady) wrote :

This patch against /etc/init.d/ufw (Version: 0.13) modifies the init-script to allow a default policy of 'reject' for INPUT, OUTPUT or FORWARD. As REJECT is not a built-in target, the default policy for the table is set to DROP, but all traffic is rejected by two catch-all rules at the bottom of the table, one rejecting TCP via '--reject-with tcp-reset', the next rejecting all other protocols via the default '--reject-with icmp-port-unreachable'.
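As an added illustration (not the patch attached to this bug), the approach described in the comment in a small POSIX shell sketch: the chain policy becomes DROP and two catch-all REJECT rules are appended last. The `IPT` variable and the function names are assumptions; setting `IPT=echo` dry-runs without touching the firewall.

```shell
#!/bin/sh
# Constructed example of a 'reject' default policy emulated on top of DROP.
# IPT is assumed; it defaults to the real binary, IPT=echo prints instead.
IPT="${IPT:-iptables}"

# Only the three built-in filter chains accept a policy (-P).
valid_chain() {
    case "$1" in
        INPUT|OUTPUT|FORWARD) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the iptables arguments for chain $1, one rule per line:
# DROP as the real policy, then TCP rejected with a reset, then everything
# else rejected with icmp-port-unreachable (iptables' default reject type).
reject_policy_rules() {
    chain="$1"
    valid_chain "$chain" || { echo "bad chain: $chain" >&2; return 1; }
    printf '%s\n' \
        "-P $chain DROP" \
        "-A $chain -p tcp -j REJECT --reject-with tcp-reset" \
        "-A $chain -j REJECT --reject-with icmp-port-unreachable"
}

# Apply the rules. Call this only after all ACCEPT rules have been added,
# otherwise the catch-alls are no longer at the bottom and shadow them.
apply_reject_policy() {
    rules=$(reject_policy_rules "$1") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        # word-splitting of $rule into separate arguments is intentional
        $IPT $rule || exit 1
    done
}
```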