where in the iptables rules does it say to reject connection if no match is found

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Mon Jan 5 18:39:17 UTC 2004


On Mon, 05.01.2004 at 18:23, Sturla Holm Hansen wrote:
> On Sun, 2004-01-04 at 21:04, Technical wrote:
> > # Firewall configuration written by redhat-config-securitylevel
> > # Manual customization of this file is not recommended.
> > 
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :RH-Firewall-1-INPUT - [0:0]
> > -A INPUT -j RH-Firewall-1-INPUT
> > -A FORWARD -j RH-Firewall-1-INPUT
> > -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> > -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> > -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

[ footer snipped - do not quote footers and signatures due to netiquette ]

> You can either set the policy (under *filter) to reject or you can add
> -A RH-Firewall-1-INPUT -j REJECT as the last line..
> 
> Sturla

No, it is not possible to set the default policy to REJECT; only DROP is
allowed. So it is better to always have a REJECT rule at the end of the filter list.

Alexander


-- 
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416  14CD E197 6E88 ED69 5653
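The question in this thread is where the quoted ruleset says "reject if nothing matched". The answer lies in the last line of RH-Firewall-1-INPUT: an unconditional `-j REJECT`, which no packet gets past, so the `ACCEPT` policies on INPUT and FORWARD never get a chance to apply. The script below is an added example (not code posted by anyone in the thread) that reads an iptables-save style ruleset and computes, for each built-in chain, the verdict a packet receives when it matches no conditional rule, and where that verdict comes from: a terminating rule, or the chain's policy. It also flags a built-in chain whose policy is anything other than ACCEPT or DROP, which iptables does not accept. The ruleset constant is a constructed copy of the rules quoted above (with the wrapped line rejoined); the function names are my own.

```python
"""Added example: find where an iptables-save ruleset decides the fate of a
packet that matches no explicit rule.  Not code from the thread; it parses a
constructed copy of the quoted ruleset."""
import shlex

# Constructed sample: the redhat-config-securitylevel rules quoted in the
# thread, with the wrapped "-j ACCEPT" line rejoined.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # verdicts that end chain traversal
VALID_POLICIES = {"ACCEPT", "DROP"}        # the only policies a built-in chain takes


def parse_filter_table(text):
    """Return ({chain: policy or None}, {chain: [(target, is_conditional)]})."""
    policies, rules = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "*", "COMMIT")):
            continue
        if line.startswith(":"):                 # ":CHAIN POLICY [pkts:bytes]"
            chain, policy, _counters = line[1:].split()
            policies[chain] = None if policy == "-" else policy
            rules.setdefault(chain, [])
            continue
        toks = shlex.split(line)
        if toks[0] != "-A":
            raise ValueError(f"unsupported line: {line}")
        chain, target, match_opts, i = toks[1], None, [], 2
        while i < len(toks):
            if toks[i] == "-j":
                target = toks[i + 1]
                i += 2
            elif toks[i] == "--reject-with":     # target option, not a match
                i += 2
            else:
                match_opts.append(toks[i])       # -p, -i, -m, --dport, ...
                i += 1
        rules.setdefault(chain, []).append((target, bool(match_opts)))
    return policies, rules


def check_policies(policies):
    """Return built-in chains whose policy iptables would refuse (e.g. REJECT)."""
    return {c: p for c, p in policies.items()
            if p is not None and p not in VALID_POLICIES}


def fallthrough(chain, policies, rules):
    """Verdict for a packet that matches no conditional rule, and its origin."""
    for target, conditional in rules.get(chain, []):
        if conditional:
            continue                             # only some packets hit this rule
        if target in TERMINAL:
            return target, f"rule in {chain}"
        if target == "RETURN":
            break
        if target in rules:                      # unconditional jump to a user chain
            verdict, where = fallthrough(target, policies, rules)
            if verdict in TERMINAL:
                return verdict, where
            # the user chain fell off its end, so traversal resumes here
    if policies.get(chain) is None:
        return "RETURN", f"end of user chain {chain}"
    return policies[chain], f"policy of {chain}"


if __name__ == "__main__":
    pol, rul = parse_filter_table(RULESET)
    print("invalid policies:", check_policies(pol) or "none")
    for builtin in ("INPUT", "FORWARD", "OUTPUT"):
        print(builtin, "->", fallthrough(builtin, pol, rul))
```

Run against the quoted rules this reports INPUT and FORWARD as REJECT from the rule in RH-Firewall-1-INPUT and OUTPUT as ACCEPT from its policy. Delete the trailing REJECT line and INPUT becomes ACCEPT from its policy, because the user chain then returns to INPUT and the built-in policy decides; that is exactly why the thread recommends keeping a REJECT rule at the end rather than relying on a policy you cannot set to REJECT.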
