iptables SECURITY - default settings

Harald Hoyer harald at redhat.com
Thu Sep 9 08:33:04 UTC 2004


Wal wrote:
> Is it possible to have the Fedora Core
> default, out-of-the-box iptables settings
> be more like the following?
> 
> RelatedComponent- system-config-securitylevel
> File- /etc/sysconfig/iptables
> 
> # generated by ____
> #
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT DROP [0:0]
> :SecLev505-INPUT - [0:0]
> -I SecLev505-INPUT -p all -j DROP

Huh?? You are dropping everything in the first place???

> -I SecLev505-INPUT -p udp -m udp -s <DNS_SERVER1>
> --sport 53 --dport 1025:65535 -j ACCEPT
> -I SecLev505-INPUT -p udp -m udp -s <DNS_SERVER2>
> --sport 53 --dport 1025:65535 -j ACCEPT
> -I SecLev505-INPUT -p tcp -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> -I SecLev505-INPUT -p tcp -m tcp -s 0/0 --syn -j DROP
> -I SecLev505-INPUT -i lo -s 0/0 -j ACCEPT
> -I INPUT -j SecLev505-INPUT
> :OUTPUT ACCEPT [0:0]
> COMMIT
> 
> 
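The rules quoted above are installed with `-I`, which inserts each rule at the head of the chain, so the effective order is the reverse of the file order and the `-p all -j DROP` rule ends up last rather than first. The following Python simulator is an added example, not code from the post or from Fedora's system-config-securitylevel: it installs the quoted SecLev505-INPUT rules in the order iptables-restore would, evaluates a few constructed packets against the result, and also shows what the same lines would do if they were appended with `-A`. The `<DNS_SERVER1>`/`<DNS_SERVER2>` placeholders are assumed to be 192.0.2.1 and 192.0.2.2, the packets are constructed, and the parser handles only the options that appear in the post.

```python
"""Simulate the chain order iptables-restore produces for the quoted rules.

Added example (not the poster's code). The parser covers only the options
used in the post; the packets and DNS addresses below are constructed.
"""
import shlex

# Rules as posted, line-wrapped rules joined; <DNS_SERVERn> placeholders
# replaced by constructed TEST-NET-1 addresses (assumption, not from the post).
POSTED_RULES = """
-I SecLev505-INPUT -p all -j DROP
-I SecLev505-INPUT -p udp -m udp -s 192.0.2.1 --sport 53 --dport 1025:65535 -j ACCEPT
-I SecLev505-INPUT -p udp -m udp -s 192.0.2.2 --sport 53 --dport 1025:65535 -j ACCEPT
-I SecLev505-INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-I SecLev505-INPUT -p tcp -m tcp -s 0/0 --syn -j DROP
-I SecLev505-INPUT -i lo -s 0/0 -j ACCEPT
""".strip().splitlines()

# Constructed packets; fields are the ones the quoted rules can match on.
PACKETS = {
    "dns_reply": dict(proto="udp", src="192.0.2.1", sport=53, dport=33000,
                      iface="eth0", state="ESTABLISHED", syn=False),
    "inbound_syn": dict(proto="tcp", src="198.51.100.7", sport=40000, dport=22,
                        iface="eth0", state="NEW", syn=True),
    "established_tcp": dict(proto="tcp", src="198.51.100.7", sport=443, dport=50000,
                            iface="eth0", state="ESTABLISHED", syn=False),
    "loopback": dict(proto="tcp", src="127.0.0.1", sport=5000, dport=5001,
                     iface="lo", state="NEW", syn=True),
}


def parse_rule(line):
    """Return (chain, inserted?, match criteria, target) for one rule line."""
    toks = shlex.split(line)
    match, chain, target, insert, i = {}, None, None, False, 0
    while i < len(toks):
        t = toks[i]
        if t in ("-I", "-A"):
            chain, insert, i = toks[i + 1], (t == "-I"), i + 2
        elif t == "-j":
            target, i = toks[i + 1], i + 2
        elif t in ("-p", "-s", "-i"):
            match[{"-p": "proto", "-s": "src", "-i": "iface"}[t]] = toks[i + 1]
            i += 2
        elif t in ("--sport", "--dport"):
            lo, _, hi = toks[i + 1].partition(":")  # "53" or "1025:65535"
            match[t[2:]] = (int(lo), int(hi or lo))
            i += 2
        elif t == "--state":
            match["state"] = set(toks[i + 1].split(","))
            i += 2
        elif t == "--syn":
            match["syn"], i = True, i + 1
        elif t == "-m":
            i += 2  # match-extension name only; criteria follow as options
        else:
            raise ValueError("unhandled option %r" % t)
    return chain, insert, match, target


def build_chain(lines, force_append=False):
    """Install rules in file order: -I prepends, -A (or force_append) appends."""
    chain = []
    for line in lines:
        _, insert, match, target = parse_rule(line)
        if insert and not force_append:
            chain.insert(0, (match, target))
        else:
            chain.append((match, target))
    return chain


def matches(match, pkt):
    """Simplified matching: every criterion in the rule must hold."""
    if match.get("proto", "all") != "all" and match["proto"] != pkt["proto"]:
        return False
    if match.get("src", "0/0") != "0/0" and match["src"] != pkt["src"]:
        return False
    if "iface" in match and match["iface"] != pkt["iface"]:
        return False
    for key in ("sport", "dport"):
        if key in match and not match[key][0] <= pkt[key] <= match[key][1]:
            return False
    if "state" in match and pkt["state"] not in match["state"]:
        return False
    return not (match.get("syn") and not pkt["syn"])


def verdict(chain, pkt, policy="DROP"):
    """First matching rule wins; SecLev505-INPUT has no policy, so a packet
    that matches nothing returns to INPUT, whose policy in the post is DROP."""
    for match, target in chain:
        if matches(match, pkt):
            return target
    return policy


def evaluate(force_append=False):
    """Verdict for every constructed packet under the chosen install order."""
    chain = build_chain(POSTED_RULES, force_append=force_append)
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for mode, forced in (("-I as posted", False), ("same lines with -A", True)):
        print(mode, evaluate(force_append=forced))
```

With `-I` the catch-all DROP is evaluated last, so the DNS reply, the established TCP traffic and loopback are accepted and only the unsolicited SYN is dropped; appending the same lines with `-A` would put the catch-all DROP first and drop every packet, which is the reading behind the "dropping everything in the first place" reaction. The matcher is deliberately simplified (exact source-address comparison, no CIDR arithmetic, `--syn` modelled as a flag), so it illustrates rule ordering rather than the kernel's full match semantics.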





More information about the fedora-test-list mailing list