Hi, David. Thank you for correcting a rule for OUTPUT chain. I mean that I forgot to add ... -P OUTPUT ... policy. I have only one network device - router. Is that what you mean by writing *network devices*? So, according to your opinion, I have to use the second rule, right? (iptables -P OUTPUT ACCEPT). I'm using the only one interface - eth0.
Pascal, what is the criterion, to optimize? Frankly, I don't know, because it is a typical desktop. So, I think it does not need some special criteria, right? Or maybe I'm wrong. What would you do in my place? (so stupid question, sorry). Best regards.
