I'm disagree with you... and here is a quote from the iptables documentation section at netfilter.org:
http://netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-1.html That's all folk! :) On Mon, 2004-12-06 at 08:10 +0100, Ansgar -59cobalt- Wiechers wrote: > On 2004-12-06 VÃctor A. Ramos wrote: > > I write this e-mail, because I'd like to build a firewall on my Debian > > system, using iptables. > > My computer is a Internet client, and doesn't offer any service or > > server to the Internet(no ssh, no smtp... anything), > > Then what do you need iptables for? > > > so the 'policy' should be: reject all input connections > > That's already done by your system's IP stack. > > > and external pings.... > > That doesn't make sense. > > > and allow all connections from my PC to Internet. > > That's done by your system's IP stack as well. > > > I've looking and studying a lot of manuals and how-to's but all of > > them are destinate to a Debian system working as a router for a LAN > > :-/ > > That's because it usually doesn't make sense to do packet filtering on a > host that doesn't have any services bound to external interfaces. > > You simply don't need to do any packet filtering at all. > > Regards > Ansgar Wiechers > -- > "Those who would give up liberty for a little temporary safety > deserve neither liberty nor safety, and will lose both." > --Benjamin Franklin > > -- VÃctor A. Ramos <itchysoft_AT_yahoo_DOT_es> (o_ Debian GNU/Linux .'''`. //\ Registered User : :' : V_/_ #315167 `. `' ` Jabber ID <vramos_AT_jabber_DOT_org>
