Because then you're not running a firewall, you're running a router.. why bother doing that, just don't run any rules at all..

My point is that if a new device is added or dynamically added (ppp+) then it's automatically assumed ACCEPTED... I prefer it DROPped (-P) and find out later why than accepted and not find out at all....

Anyway.. he had eth0 ONLY so there was no point putting rules if he's accepting anything but /dev/lo

-----Original Message-----
From: Oskar Andreasson [mailto:[EMAIL PROTECTED]]
Sent: Friday, 05 July 2002 8:21 PM
To: George Vieira; 'Mitsuo HAMADA'; [EMAIL PROTECTED]
Subject: RE: FTP failed

> BTW: Why is it I'm seeing so many people using the ! so much?? I actually
> never use it except for possibly #!/bin/bash and that's it.
>

Because it's simple and timesaving, both for you and the firewall, basically.
For example, why write:

iptables -i eth0 -j ACCEPT
iptables -i eth1 -j ACCEPT
iptables -i eth2 -j ACCEPT
iptables -i eth3 -j ACCEPT
iptables -i tr0 -j ACCEPT
iptables -i ppp0 -j ACCEPT

When you could write:

iptables -i ! lo -j ACCEPT

This is an extremely simple example, of course, but still valid. It puts less stress on you, as well as cpu cycles.

Have a nice day,

----
Oskar Andreasson
http://iptables-tutorial.haringstad.com
http://people.unix-fu.org/andreasson/
mailto: [EMAIL PROTECTED]

> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> http://www.citadelcomputer.com.au
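
Added example, not code from either poster: a shell check over `iptables-save` output that flags the two things the reply above objects to, an ACCEPT default policy on INPUT or FORWARD and an ACCEPT rule on a negated interface match, which also covers any interface that appears later (a new ppp device, for instance). The function names are hypothetical and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the ruleset is constructed.

# Constructed sample in iptables-save format, with the negated-interface
# match in both the 2002-era spelling (-i ! lo) and the current one (! -i lo).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -i lo -j ACCEPT
-A INPUT -i ! lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i ppp+ -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print one finding per line:
#   policy-accept <chain>           INPUT or FORWARD falls through to ACCEPT
#   negated-accept <chain> !<if>    ACCEPT for every interface except <if>,
#                                   which includes interfaces added later
audit_ruleset() {
awk '
/^:(INPUT|FORWARD) ACCEPT/ { print "policy-accept " substr($1, 2) }
/^-A / && / -j ACCEPT/ {
    neg = ""
    for (i = 3; i <= NF - 2; i++) {
        if ($i == "!" && $(i + 1) == "-i") neg = $(i + 2)
        if ($i == "-i" && $(i + 1) == "!") neg = $(i + 2)
    }
    if (neg != "") print "negated-accept " $2 " !" neg
}'
}

sample_ruleset | audit_ruleset
```

On a live host the same function can be fed with `iptables-save | audit_ruleset`; explicit per-interface rules and wildcard rules such as `-i ppp+` are not flagged, since they are stated decisions rather than a catch-all.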
