* Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]> [25-08-04 12:40]:
> On 2004-08-25 Jacob Friis Larsen wrote:
> > ...
> > # STATE RELATED for router
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> I would rather add a rule to accept ESTABLISHED,RELATED traffic in the
> OUTPUT chain and set the default OUTPUT policy to DROP.
>
> You should also allow ICMP (at least some types) and REJECT TCP traffic
> (with RST) rather than just DROP it. IMHO.

Allow ICMP-Types 0, 3, 4, 8, 11, 12 and REJECT also UDP traffic with
'port-unreachable'

--
Tom
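
The suggestions made in this thread, combined into one rule set as an added example that is not part of any poster's message. The rule order, the use of the REJECT rules as the final INPUT rules, and the helper names `emit_rules` and `count_rules` are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: prints the iptables commands suggested in the thread.
# Nothing is applied unless APPLY=1 is set (needs root and iptables).

# ICMP types named in the reply: 0 echo-reply, 3 destination-unreachable,
# 4 source-quench, 8 echo-request, 11 time-exceeded, 12 parameter-problem.
ICMP_TYPES="0 3 4 8 11 12"

emit_rules() {
    # Rule quoted from the original post: stateful accept on INPUT.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Suggested in the reply: the same accept on OUTPUT, then default-deny.
    # The ACCEPT rule is added before the policy change so that existing
    # sessions are not cut off while the rules load.
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -P OUTPUT DROP"
    # One ACCEPT per allowed ICMP type.
    for t in $ICMP_TYPES; do
        echo "iptables -A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done
    # Assumption: these are the last INPUT rules, so they only see traffic
    # that no earlier rule accepted. TCP is answered with RST, UDP with
    # ICMP port-unreachable, instead of being silently dropped.
    echo "iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable"
}

# Hypothetical helper: count emitted rules matching a pattern (for review).
count_rules() { emit_rules | grep -c -- "$1"; }

if [ "${APPLY:-0}" = "1" ]; then
    emit_rules | sh -e      # stop at the first command that fails
else
    emit_rules              # dry run: show what would be applied
fi
```
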

