On Thu, May 08, 2008 at 07:37:25PM -0700, Erik Mundall wrote:
>
> sudo iptables -F
> sudo iptables -X
> sudo iptables -P INPUT ACCEPT
> sudo iptables -P OUTPUT ACCEPT
>
> The instructions were that this would completely open up the iptables,
> and would require a firewall to take care of the security in place of
> the iptables.
>
> But now I ask:
> 1) Is this safe?

I'm not sure what you mean by this. Basically, those commands completely flush all rules, delete all user-defined chains and default allow all inbound and outbound traffic. If your system faces the public Internet and you execute those commands and don't follow them up with any protective measures, then that is certainly a recipe for disaster.

> 2) Does shorewall replace ALL of the necessary iptables rules with its
> own secure policies, or does it merely adjust the tables already
> there?

Shorewall replaces all the iptables rules, else there would be no sane way to do it.

> 3) Would there be any better way of opening up the iptables?
>

If you run 'shorewall clear' it has the same effect as the commands you listed above. Of course, then you leave yourself wide open. You can do this for troubleshooting, for example, to see if some misbehavior still occurs after clearing the iptables rules, which will tell you if the problem is with Shorewall or with something else.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
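A check for the wide-open state that the quoted commands and 'shorewall clear' leave behind, useful after troubleshooting to confirm that filtering is back in place. This is an added example, not part of the original message or of Shorewall; the function names and both sample rulesets are constructed for illustration, and the input is the text printed by `iptables -S` for the filter table.

```shell
#!/bin/sh
# Added example. Classify the filter table from `iptables -S` text on stdin.
#   open     - INPUT and OUTPUT default to ACCEPT, no rules, no user chains
#   filtered - anything else (a DROP/REJECT policy, or at least one rule/chain)
#   unknown  - no INPUT/OUTPUT policy lines seen (empty input, command failed)
filter_table_state() {
    awk '
        $1 == "-P" { policy[$2] = $3; next }   # built-in chain default policy
        $1 == "-N" { chains++; next }          # user-defined chain
        $1 == "-A" { rules++; next }           # appended rule
        END {
            if (!("INPUT" in policy) || !("OUTPUT" in policy))
                print "unknown"
            else if (policy["INPUT"] == "ACCEPT" && policy["OUTPUT"] == "ACCEPT" \
                     && rules == 0 && chains == 0)
                print "open"
            else
                print "filtered"
        }'
}

# Constructed sample: what `iptables -S` prints after -F, -X and the two
# -P ... ACCEPT commands (FORWARD is not touched by those commands).
sample_flushed() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: a small restrictive ruleset with one user chain.
sample_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N example-in
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j example-in
-A example-in -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_flushed | filter_table_state   # open
sample_ruleset | filter_table_state   # filtered
# On a live host: sudo iptables -S | filter_table_state
```

The check covers only the filter table, which is the table the quoted `iptables -F`, `-X` and `-P` commands act on when no `-t` option is given.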
