On Tue, Aug 12, 2014 at 09:26:17AM -0500, Neil Aggarwal wrote: > > Jonathan: > > > Looking at the documentation closer, there does appear to be a way to > > add rules to the OUTPUT table, using the rich rules syntax. > > Do you see a way to set the default policy to DROP? Most likely, just adding the rich rule with the DROP in it will make the OUTPUT rule drop by default. I haven't tested it. -- Jonathan Billings <billings at negate.org>