On 5/24/07, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:
> Here's what I've used in the past. It allows connections for certain ports/places and then drops everything else as the last item.
> http://linux.duke.edu/~skvidal/misc/iptables-template
> It's pretty painless, really.
:D Good beginning. I believe that the best policy must be more restrictive: block inbound traffic on the INPUT and FORWARD chains with the DROP rule, and later open the ports that are necessary.
> If we want to add explicit outbound rules, too, that's fine, but I'd advise enabling logging b/c that stuff is easy to get wrong. :)
Perhaps in the POSTROUTING chain, but the OUTPUT chain is rarely used; I don't see any use for it on fedoraproject now.

--
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
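The two approaches discussed in this message (a DROP policy on INPUT and FORWARD with ports opened afterwards, and explicit outbound rules with logging) can be combined in one ruleset. The script below is an added example, not part of the original message and not the template linked above; the function name `build_ruleset`, the port lists, the DNS rule and the log prefix are assumptions. It only prints rules in iptables-restore format and never touches the live firewall.

```shell
#!/bin/sh
# Added example (hypothetical helper): print a default-deny ruleset in
# iptables-restore format. Port lists and log prefix are assumptions.
build_ruleset() {
    tcp_in="$1"    # inbound TCP ports to open, space separated, e.g. "22 443"
    tcp_out="$2"   # outbound TCP ports to allow, space separated
    # Validate every port before printing anything, so a typo cannot
    # yield a half-written ruleset.
    for p in $tcp_in $tcp_out; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "port out of range: $p" >&2; return 1; }
    done
    echo '*filter'
    # Chain policies: anything not explicitly accepted below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $tcp_in; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Assumption: the host needs DNS lookups over UDP.
    echo '-A OUTPUT -p udp --dport 53 -j ACCEPT'
    for p in $tcp_out; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Outbound rules are easy to get wrong: log what is about to hit the
    # DROP policy, rate limited so a noisy process cannot flood syslog.
    echo '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "'
    echo 'COMMIT'
}

# Constructed sample: open ssh inbound, allow web traffic outbound.
build_ruleset "22" "80 443"
```

Piping the output to `iptables-restore --test` as root parses the rules without committing them.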