iptables support?
Tim
ignored_mailbox at yahoo.com.au
Sat Dec 10 09:35:38 UTC 2005
Tim:
>> ## Set default (policy) rules:
>>
>> iptables --policy INPUT DROP
>> iptables --policy OUTPUT ACCEPT
>> iptables --policy FORWARD ACCEPT
>>
>> Specific rules follow on from here. Some to explictly deny things I
>> want to take precautions against, and some to allow things I want.
Res:
> This might be fine for a home machine, there are situations where
> policy in should be allowed and accept rules then deny rules, this is
> important if you run iptables on a high loaded server, you will vety
> quickly
Care to finish that sentence off? I can only guess at what you might
have said.
Though, I would have thought that on a server you really wouldn't want a
default input accept policy. You'd have to be *very* *sure* that
everything on that server was internally ignoring connections that
shouldn't be allowed to the outside world. At least a default deny/drop
incoming policy gives you some measure of protection against surprises.
--
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
More information about the fedora-list
mailing list