I am setting up a firewall for home use. Behind the firewall will only sit one (maybe two) computers. My firewall box is running a 2.2.19 kernel with ipchains. I have been setting up my ipchains ruleset using Robert Ziegler's Linux Firewalls book as a guide. I have two questions:
1) What are people's thoughts on this book? Are there any mistakes that people have found? Any suggestions in the sample rulesets that people might disagree with? 2) More to the point, Ziegler suggests setting the input, output, and forward default policies to DENY and then decide what to allow through. It has dawned on me that I can make my rules MUCH simpler by setting the output chain's default policy to ACCEPT and remove all of the output rules from the script since philosophically I don't have any interest or desire to limit what my family members do on the net. As long as I filter out incoming traffic that I deem dangerous, is there anything to fear from having the output default policy set to ACCEPT? Or am I missing something obvious? Thanks!! Bryan Walton -- Bryan K. Walton Network Operations Center Analyst Berbee...putting the E in business http://www.berbee.com/ GPG fingerprint: BF68 340D A650 E2D7 86B9 FED5 DDFF 3EEE 3229 7B5D
