On 2004-12-06 V�ctor A. Ramos wrote: > On Mon, 2004-12-06 at 08:10 +0100, Ansgar -59cobalt- Wiechers wrote: >> On 2004-12-06 Victor A. Ramos wrote: >>> so the 'policy' should be: reject all input connections >> >> That's already done by your system's IP stack. >> >>> and external pings.... >> >> That doesn't make sense. >> >>> and allow all connections from my PC to Internet. >> >> That's done by your system's IP stack as well. >> >>> I've looking and studying a lot of manuals and how-to's but all of >>> them are destinate to a Debian system working as a router for a LAN >>> :-/ >> >> That's because it usually doesn't make sense to do packet filtering on a >> host that doesn't have any services bound to external interfaces. >> >> You simply don't need to do any packet filtering at all. > > I'm disagree with you... and here is a quote from the iptables > documentation section at netfilter.org: > > http://netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-1.html
M-hm. And which part of that exactly is supposed to support your disagreement? (hint: you do not have a network) Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
