On 29/06/16 20:00, Leon Vergottini wrote:
# DEFAULT FIREWALL POLICY
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# ------------------------------------------------------
# INPUT CHAIN RULES
# ------------------------------------------------------
# MOST COMMON ATTACKS
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Why bother adding DROP rules if the default policy is DROP?
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos