diff -upr linux-2.6.16-gentoo-r3/net/ipv4/netfilter/iptable_filter.c netfilter_dorp_patch_linux/net/ipv4/netfilter/iptable_filter.c
--- linux-2.6.16-gentoo-r3/net/ipv4/netfilter/iptable_filter.c 2006-04-21 22:51:05.000000000 +0200
+++ netfilter_dorp_patch_linux/net/ipv4/netfilter/iptable_filter.c 2006-04-21 22:38:07.000000000 +0200
@@ -135,21 +135,45 @@ static struct nf_hook_ops ipt_ops[] = {
 },
 };
-/* Default to forward because I got too much mail already. */
+/* Default options for the kernel module */
+/* As default everything is accepted */
+static int input = NF_ACCEPT;
+module_param(input, bool, 0000);
+
 static int forward = NF_ACCEPT;
 module_param(forward, bool, 0000);
+static int output = NF_ACCEPT;
+module_param(output, bool, 0000);
+
+
+
 static int __init init(void)
 {
 int ret;
+ if (input < 0 || input > NF_MAX_VERDICT ) {
+ printk("iptables input must be 0 or 1\n");
+ return -EINVAL;
+ }
 if (forward < 0 || forward > NF_MAX_VERDICT) {
 printk("iptables forward must be 0 or 1\n");
 return -EINVAL;
 }
+ if (output < 0 || output > NF_MAX_VERDICT) {
+ printk("iptables output must be 0 or 1\n");
+ return -EINVAL;
+ }
+ /* Set the default policys according to the module parameters */
+ /* Entry 0 is the INPUT hook */
+ initial_table.entries[0].target.verdict = -input -1;
 /* Entry 1 is the FORWARD hook */
 initial_table.entries[1].target.verdict = -forward - 1;
+ /* Entry 2 is the OUTPUT hook */
+ initial_table.entries[2].target.verdict = -output -1;
+
+
 /* Register table */
 ret = ipt_register_table(&packet_filter, &initial_table.repl);
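Review bot: The verdicts for entries[0] and entries[2] are written into initial_table right before ipt_register_table() on the last line of the hunk, so an input or output default of DROP is in force from the moment the module loads and before any rule can be inserted — unlike the existing forward parameter this cuts off the host's own traffic, including the session of whoever loaded the module. The comment above the assignments should say so, e.g. `/* Defaults apply from ipt_register_table() on, before any rules exist: input=0 or output=0 blocks all local traffic until rules are loaded. */`, and "policys" should read "policies". The new range checks copy the forward one and only reject values above NF_MAX_VERDICT while the message says "must be 0 or 1"; since all three parameters are registered as `bool` the parser already restricts them, so the checks look redundant rather than wrong, but if NF_MAX_VERDICT is larger than NF_ACCEPT the bound and the message disagree and `input != NF_DROP && input != NF_ACCEPT` would match the message. Style: `-input -1` and `-output -1` should be spaced like the existing `-forward - 1`, and the three blank lines added before init() should go. init()'s body continues outside the hunk.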