Re: [CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice

Anthony K Wed, 29 Jun 2016 06:12:53 -0700

On 29/06/16 20:00, Leon Vergottini wrote:

#  DEFAULT FIREWALL POLICY
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP


#  ------------------------------------------------------
#  INPUT CHAIN RULES
#  ------------------------------------------------------

#  MOST COMMON ATTACKS
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP


Why bother adding DROP rules if the default policy is DROP?


_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice

Reply via email to