On Wednesday 19 November 2003 05:21 pm, Thomas Smith wrote:
> This script is a good idea but wouldn't it be better to block all
> traffic when you clear the iptables rules? From a security perspective,
> /all/ traffic should be stopped in the event of a security threat.

imho, no. At least, it shouldn't be the default option. If iptables is stopped, I would expect that there is no use of iptables (both modules in the kernel, and rules in the iptables). I could see putting something in /etc/conf.d/iptables, such as DROP_ALL_ON_STOP. If this option is 1, then when iptables is stopped we reset everything to DROP, instead of to ACCEPT (which should be the default).

Best regards,
-- 
Michael C. Ferguson
[EMAIL PROTECTED]

mcf $ man life
No manual entry for life

-- 
[EMAIL PROTECTED] mailing list
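One way the DROP_ALL_ON_STOP switch proposed above could be implemented in a stop function; this is an added example, not code from the thread or from the distribution's init script, and the config path /etc/conf.d/iptables, the variable names and the IPTABLES_CMD override (set it to "echo" to only print the commands) are assumptions:

```shell
#!/bin/sh
# Assumed config: /etc/conf.d/iptables may set DROP_ALL_ON_STOP=1.
# IPTABLES_CMD lets the logic be exercised without touching a live firewall.
IPTABLES_CMD="${IPTABLES_CMD:-iptables}"
DROP_ALL_ON_STOP="${DROP_ALL_ON_STOP:-0}"
if [ -r /etc/conf.d/iptables ]; then
    . /etc/conf.d/iptables
fi

# Stop the filter: pick the built-in chain policy first (DROP when the
# option is 1, ACCEPT otherwise, matching the proposed default), then
# flush all rules and delete user chains. Setting the policy before the
# flush avoids a window in which an emptied ruleset is wide open when the
# admin asked for DROP.
iptables_stop() {
    policy=ACCEPT
    if [ "${DROP_ALL_ON_STOP}" = "1" ]; then
        policy=DROP
    fi
    for chain in INPUT FORWARD OUTPUT; do
        "${IPTABLES_CMD}" -P "${chain}" "${policy}" || return 1
    done
    "${IPTABLES_CMD}" -F || return 1
    "${IPTABLES_CMD}" -X || return 1
}
```

With DROP_ALL_ON_STOP=1 a remote session that is not covered by a state-tracking rule is cut off at stop time, so the option is best left at 0 unless console access is available.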
