my actual iptables inquiry

Sat Feb 21 02:18:56 UTC 2004

Am Fr, den 20.02.2004 schrieb Ricardo A. Vetrovec um 20:36:
> that's true
> 
> but i read boxes, so i think maybe he are mading a small network
> 
> IF not the case we have to construct with INPUT and OUTPUT
> 
> the last sentence of the drop general are good? i don't remeber exactly 
> because i use /etc/sysconfig/iptables to my rules!!!!!

No, DROP is no good general rule. Even you can use for a general rule
setting the chain policy. But choosing DROP as policy you really should
set a REJECT rule as last matching rule in the chain.

Additional, already your first rule suggestions are faulty. If you use
your browser and connect to a foreign web server at port 80 your own
port is not privileged port 80 but an occasional high port.

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 03:10:59 up 1 day, 4:45, load average: 1.20, 0.54, 0.20 
                   [ Γνωθι σ'αυτον - gnothi seauton ]