Hello, Daniel Curtis a écrit : > > I have a question about iptables and rules for OUTPUT > chain. If I have a typical desktop without any services > like SSH, Samba etc. it is better to use something like?; > > iptables -P DROP > iptables -A OUTPUT -o eth0 -j ACCEPT > > or it does not matter and it could be a simple one rule; > > iptables -P OUTPUT ACCEPT
These two sets of commands do different things and cannot be compared simply. "Better" suggests optimization, and optimization requires a criterion. What is the objective criterion you wish to optimize ? -- To UNSUBSCRIBE, email to debian-firewall-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51c58219.8020...@plouf.fr.eu.org
