iptables templates

Wilmer Jaramillo M. wilmer at fedoraproject.org
Fri May 25 05:06:49 UTC 2007


On 5/24/07, seth vidal <skvidal at fedoraproject.org> wrote:
> Here's what I've used in the past.
>
> It allows connections for certain ports/places and then drops everything
> else as the last item.
>
> http://linux.duke.edu/~skvidal/misc/iptables-template
>
> it's pretty painless, really.

:D Good beginning. I believe that the best policy must be more
restrictive: block inbound traffic on the INPUT and FORWARD chains with
the DROP rule and later open the ports that are necessary.

> If we want to add explicit outbound rules, too, that's fine, but I'd
> advise enabling logging b/c that stuff is easy to get wrong. :)

Perhaps in the POSTROUTING chain, but the OUTPUT chain is rarely used;
I don't see any use for it on fedoraproject now.

-- 
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
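
The default-DROP approach discussed in the message above, as an added example that is not part of the original thread or of any Fedora configuration: a shell function that prints an iptables-restore ruleset with DROP policies on INPUT and FORWARD and then opens only the listed TCP ports. The names gen_ruleset and valid_port, the port list and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# whose INPUT and FORWARD policies are DROP, then open only the given ports.
# gen_ruleset / valid_port are hypothetical helper names.

# valid_port N: succeed only for a plain decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PORT...: print a filter table on stdout; nothing is applied.
gen_ruleset() {
    # Validate everything first so a bad argument never yields a partial file.
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # With policy DROP, a forgotten rule fails closed instead of open.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of what is about to hit the DROP policy, so mistakes
    # in the allow list show up in the kernel log.
    printf '%s\n' \
        '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "' \
        'COMMIT'
}

# Constructed sample port list: SSH, HTTP, HTTPS.
gen_ruleset 22 80 443
```

As root, the output can be syntax-checked without loading it by piping it to `iptables-restore --test`.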



