my actual iptables inquiry
alexander.dalloz at uni-bielefeld.de
Sat Feb 21 02:18:56 UTC 2004
On Fri, 20.02.2004 at 20:36, Ricardo A. Vetrovec wrote:
> that's true
> but I read boxes, so I think maybe he is making a small network
> If that is not the case we have to construct with INPUT and OUTPUT
> is the last sentence of the drop general good? I don't remember exactly
> because I use /etc/sysconfig/iptables for my rules!!!!!
No, DROP is not a good general rule. You can even set the chain policy
as a general rule. But when choosing DROP as the policy you really should
set a REJECT rule as the last matching rule in the chain.

Additionally, your first rule suggestions are already faulty. If you use
your browser and connect to a foreign web server at port 80, your own
port is not the privileged port 80 but an occasional high port.
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 03:10:59 up 1 day, 4:45, load average: 1.20, 0.54, 0.20
[ Γνωθι σ'αυτον - gnothi seauton ]
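
As an added example (not part of the original message): a small lint for rulesets in iptables-save format, the format of the /etc/sysconfig/iptables file mentioned in the quoted text, that reports chains with policy DROP whose last rule is not a REJECT, as the reply recommends. The sample ruleset is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not the rules from the thread).
# OUTPUT lets a browser connect from a high source port to port 80, but
# has no closing REJECT, so unmatched packets hit the DROP policy silently.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; print each chain whose policy is DROP but whose
# last appended rule does not jump to REJECT.
lint_drop_chains() {
  awk '
    # Chain declaration, e.g. ":INPUT DROP [0:0]"
    /^:/ { name = substr($1, 2); order[++n] = name; policy[name] = $2; next }
    # Appended rule: remember the jump target of the latest rule per chain
    $1 == "-A" {
      target = ""
      for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
      last[$2] = target
    }
    END {
      for (k = 1; k <= n; k++) {
        c = order[k]
        if (policy[c] == "DROP" && last[c] != "REJECT") print c
      }
    }
  '
}

# Lint the constructed sample; a saved ruleset file can be piped in instead.
sample_ruleset | lint_drop_chains
```
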