Fedora Security Policy
Mike McGrath
mmcgrath at redhat.com
Tue Jan 20 22:54:21 UTC 2009
On Tue, 20 Jan 2009, Jorge Bras wrote:
> Hi there,
>
> in iptables config, why not, change the default forward policy to drop ?
> by default ip forwarding is off, but I think is a good practice deny
> everything by default, just in case.
>
I could be wrong on this but:
net.ipv4.ip_forward = 0
listed in 1.2 should cover that. I'm not sure how its all designed to
work. I just know how it seems to work.
Its probably not a bad idea to set it in both places though.
-Mike
More information about the Fedora-infrastructure-list
mailing list