Your first example should be:

iptables -P OUTPUT DROP
iptables -A OUTPUT -o eth0 -j ACCEPT

The difference between both is simply that in the first example you only
allow outbound traffic going through your eth0 device.
If you had multiple network devices, you would still be dropping
outbound traffic from the other devices.

Your second example allows outgoing traffic by default no matter what
interface. If you had multiple devices you could specify to drop those with
iptables -A OUTPUT -o eth1 -j DROP

So it really depends on what you prefer. But if you just want to allow
outgoing traffic starting from your desktop just use your second example.

Kind Regards,

David




2013/6/22 Daniel Curtis <[email protected]>

> Hi
>
> I have a question about iptables and rules for OUTPUT
> chain. If I have a typical desktop without any services
> like SSH, Samba etc. it is better to use something like?;
>
> iptables -P DROP
> iptables -A OUTPUT -o eth0 -j ACCEPT
>
> or it does not matter and it could be a simple one rule;
>
> iptables -P OUTPUT ACCEPT
>
> I'm asking because I'm curious. And frankly I've always been.
>
> Best regards.
>
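
Added example, not part of the original messages: a simplified shell model of first-match rule evaluation that compares the rule sets discussed in this thread per outgoing interface without touching a real firewall. The function name output_verdict and the interface lo (loopback) are assumptions introduced here; note that the DROP-policy variant also drops traffic leaving via lo, since only eth0 is accepted.

```shell
#!/usr/bin/env bash
# Simplified model of OUTPUT chain evaluation: rules are checked in order, the
# first matching rule decides, and the chain policy applies when none match.
# It understands only the forms used in this thread:
#   -P OUTPUT <policy>   and   -A OUTPUT [-o <iface>] -j <target>

# output_verdict RULESET IFACE: print the verdict for a packet leaving via IFACE
output_verdict() {
    local ruleset="$1" iface="$2" policy=ACCEPT   # built-in chains start as ACCEPT
    local line match target
    while IFS= read -r line; do
        set -- $line                              # split the rule into words
        [ "$1" = iptables ] && shift
        case "$1 $2" in
            "-P OUTPUT") policy=$3 ;;
            "-A OUTPUT")
                shift 2; match=yes; target=
                while [ $# -gt 0 ]; do
                    case $1 in
                        -o) [ "$2" = "$iface" ] || match=no; shift 2 ;;
                        -j) target=$2; shift 2 ;;
                        *)  shift ;;
                    esac
                done
                if [ "$match" = yes ] && [ -n "$target" ]; then
                    echo "$target"; return 0
                fi ;;
        esac
    done <<EOF
$ruleset
EOF
    echo "$policy"
}

# Rule sets from the thread (FIRST in the corrected form given in the reply).
FIRST='iptables -P OUTPUT DROP
iptables -A OUTPUT -o eth0 -j ACCEPT'
SECOND='iptables -P OUTPUT ACCEPT'
SECOND_PLUS_DROP='iptables -P OUTPUT ACCEPT
iptables -A OUTPUT -o eth1 -j DROP'

# eth1 and lo are assumed extra interfaces; lo is the loopback device.
for ifc in eth0 eth1 lo; do
    printf '%-5s first=%-7s second=%-7s second+drop=%s\n' "$ifc" \
        "$(output_verdict "$FIRST" "$ifc")" \
        "$(output_verdict "$SECOND" "$ifc")" \
        "$(output_verdict "$SECOND_PLUS_DROP" "$ifc")"
done
```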
