Firewall (WAS: IRC Log for Fedora Infrastructure Meeting (2007-06-14))

Oliver Falk oliver at
Fri Jun 15 06:55:26 UTC 2007

On 06/14/2007 11:02 PM, Jeffrey C. Ollie wrote:
> [15:24] skvidal: uno momento
> [15:24] skvidal:

Regarding these rules... It would be better to set the default input policy to
DROP if you don't do any logging at the end; or do logging :-)

You should also add a rule for *auth* tcp/113. Never drop that; accept
it or reject it! Otherwise any auth check will have to run into a timeout...

For host-based firewalls this is not needed, but if you have hosts
behind this host (e.g. a host acting as a gateway), you should also add
rules like this for traceroute:

-A INPUT -m state --state NEW -p udp -m udp --dport 33434:33524 -j ACCEPT
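
The three points above can be checked against an `iptables-save` dump. The following is an added example, not part of the original post or the ruleset from the meeting log; the sample ruleset is constructed, and the function names and finding labels are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format (not the ruleset from the meeting log).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def parse(dump):
    """Return (INPUT chain policy, INPUT rules as {option: value} dicts)."""
    policy, rules = None, []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT "):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            # Pair each option with the token after it (-p tcp, --dport 113, -j DROP).
            rules.append({t: tok[i + 1] for i, t in enumerate(tok[:-1])
                          if t.startswith("-")})
    return policy, rules

def audit(dump, gateway=False):
    """Assumption: traffic not matched by an explicit rule ends up dropped."""
    policy, rules = parse(dump)
    findings = []
    # Point 1: default policy DROP, or at least a LOG rule in the chain.
    if policy != "DROP" and not any(r.get("-j") == "LOG" for r in rules):
        findings.append("no-drop-policy-or-log")
    # Point 2: auth/ident tcp/113 must be accepted or rejected, never dropped.
    ident = [r for r in rules
             if r.get("-p") == "tcp" and r.get("--dport") == "113"]
    if not any(r.get("-j") in ("ACCEPT", "REJECT") for r in ident):
        findings.append("ident-113-times-out")
    # Point 3 (gateways only): the traceroute UDP range from the rule above.
    if gateway and not any(r.get("-p") == "udp" and r.get("-j") == "ACCEPT"
                           and r.get("--dport") == "33434:33524" for r in rules):
        findings.append("traceroute-udp-not-accepted")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, gateway=True))
```
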

