iptables question

JD jd1008 at gmail.com
Wed Aug 18 03:23:59 UTC 2010


  On 08/17/2010 06:31 PM, Genes MailLists wrote:
> On 08/17/2010 02:08 AM, Tom H wrote:
>> #! /bin/sh
>> IPTABLES="/sbin/iptables"
>> $IPTABLES --table filter --policy INPUT ACCEPT
>> $IPTABLES --table filter --policy FORWARD ACCEPT
>> $IPTABLES --table filter --policy OUTPUT ACCEPT
>
>     Not saying I'm commenting on the wisdom of the rules one way or
> another - just asking - Does one really want default policy of accept on
> all of these ?
>
>   g
It's strange, but I assume that you start with a promiscuous
filter, and then you add rules to button it up.
I really do not know how these rules are consulted,
and which rule takes precedence.
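
The rule-ordering question raised in this message, as an added example that is not part of the original post: a simplified Python model of how one built-in iptables chain is walked (rules are checked top to bottom, the first terminating match decides, and the `--policy` default applies only when no rule decides). The rule sets, packet fields and function names are constructed for illustration.

```python
# Simplified model of how the kernel walks one built-in iptables chain
# (e.g. filter/INPUT). Constructed for illustration: it matches only on
# protocol and destination port and ignores user chains, state, interfaces.

def evaluate(policy, rules, packet):
    """Return (verdict, source) for packet.

    rules is an ordered list of (match, target); match is a dict of packet
    fields that must all be equal, and {} matches every packet.
    Rules are checked top to bottom. The first matching rule with a
    terminating target (ACCEPT/DROP) decides. LOG is non-terminating, so
    traversal continues. The chain policy is used only if no rule decided.
    """
    for number, (match, target) in enumerate(rules, start=1):
        if all(packet.get(k) == v for k, v in match.items()):
            if target in ("ACCEPT", "DROP"):
                return target, f"rule {number}"
            # Non-terminating target such as LOG: keep walking the chain.
    return policy, "policy"

# Constructed sample packets (also reused as match criteria below).
SSH = {"proto": "tcp", "dport": 22}
TELNET = {"proto": "tcp", "dport": 23}

# Policy ACCEPT with no rules, as in the quoted script: everything passes.
OPEN = ("ACCEPT", [])

# Policy ACCEPT "buttoned up" by a final catch-all DROP rule.
ACCEPT_THEN_CLOSE = ("ACCEPT", [(SSH, "ACCEPT"), ({}, "DROP")])

# Policy DROP with only the allowed traffic listed.
DEFAULT_DROP = ("DROP", [(SSH, "ACCEPT")])

# Same rules as ACCEPT_THEN_CLOSE in the wrong order: the catch-all
# matches first, so the SSH rule below it is never reached.
WRONG_ORDER = ("ACCEPT", [({}, "DROP"), (SSH, "ACCEPT")])

def verdict(ruleset, packet):
    policy, rules = ruleset
    return evaluate(policy, rules, packet)

if __name__ == "__main__":
    for name in ("OPEN", "ACCEPT_THEN_CLOSE", "DEFAULT_DROP", "WRONG_ORDER"):
        rs = globals()[name]
        print(name, verdict(rs, SSH), verdict(rs, TELNET))
```

With an ACCEPT policy, a rule set that omits or misplaces the final catch-all DROP fails open; with a DROP policy the same omission fails closed.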


