On Mon, Jul 08, 2002 at 04:22:47PM +0100, Antony Stone wrote:
> On Monday 08 July 2002 3:56 pm, Antony Stone wrote:
>
> > On Monday 08 July 2002 3:46 pm, Lukas Ruf wrote:
> > > iptables -P INPUT ACCEPT
> > > iptables -P OUTPUT ACCEPT
> > > iptables -P FORWARD ACCEPT
>
> I'd prefer to see:
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> Then you add in the rules for the stuff you definitely know you want to
> allow.

Be careful with doing this though, if you're managing a remote box. It's
*very* easy to cut yourself off the box when setting policy like this. I
keep a script around that flushes all rules and sets default policy to
ACCEPT, and then make -P DROP the first three commands in the script to
configure iptables. This prevents me from neutering my access when I'm
hacking around with the firewall rules.

Ross Vandegrift
[EMAIL PROTECTED]
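
A sketch of the two-script workflow described in the message above, as an added example that is not part of the original post and not Ross's own script. The function names, the SSH port and the allow rules are assumptions, and the timed rollback in fw_try goes beyond what the message describes.

```shell
#!/bin/sh
# Dry-run by default: each command is printed, not executed.
# Run as root with IPT=iptables to apply for real.
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"   # assumption: remote admin access is SSH on tcp/22

# Escape hatch: open the policies FIRST, then flush. Flushing while the
# policy is still DROP would leave the box unreachable in between.
fw_reset() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" ACCEPT
    done
    $IPT -F
    $IPT -X
}

# Real configuration: the three -P DROP commands come first, then the
# explicit allows (illustrative rules, not from the thread).
fw_apply() {
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
}

# Apply with a timed rollback: unless cancelled, fw_reset runs after $1 seconds.
fw_try() {
    # Ignore SIGHUP so a dropped session cannot kill the pending rollback.
    ( trap '' HUP; sleep "$1"; fw_reset ) &
    rollback_pid=$!
    fw_apply
    echo "Still connected? Keep the new rules with: kill $rollback_pid"
}

case "${1:-}" in
    reset) fw_reset ;;
    apply) fw_apply ;;
    try)   fw_try "${2:-120}" ;;
esac
```

Run without IPT set to review the exact command sequence before applying it on a remote machine.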
