On Fri, 16 Jan 2009, Frank Chiulli wrote:

> Mike,
> First let me say that the examples are a great addition to the page.
>
> I was looking at the iptables sample configuration and had some
> questions. I compared your suggested configuration to my current
> configuration (Fedora 10). With the exception of the lines with
> '--tcp-flags' in your sample configuration, they're pretty close. I
> don't have those yet. The first three lines that start with '-A' in
> your sample are the same as mine except the order is different. Does
> the order make a difference?
>
> Here are the lines from my file:
> -A INPUT -m state --state ESTABLISHED,RELATED -j accept
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
>
> Here are yours:
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
>

The order isn't that important, though I should really have
established,related come first. The main reason for this is because
IPTables runs like a list; any already approved content doesn't have to get
checked against much of the list but instead is automatically approved.
This has security implications, but for most setups it's a good policy.
I'll actually move that up now and refresh that page soon.

	-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
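
The rule-order point in Mike's reply, as an added example that is not part of the original thread: a small Python model of first-match chain traversal that counts how many rules each sample packet is checked against under both orderings. The packet fields, the `evaluate` and `compare` helpers, and the DROP chain policy are assumptions made for the illustration; the sample packets are constructed.

```python
# Added illustration: first-match traversal of the three INPUT rules quoted
# in the thread. Packet fields and the DROP chain policy are assumptions.
RULES = {
    "lo": lambda p: p["iface"] == "lo",                          # -i lo -j ACCEPT
    "state": lambda p: p["state"] in ("ESTABLISHED", "RELATED"),  # -m state ... -j ACCEPT
    "icmp": lambda p: p["proto"] == "icmp",                      # -p icmp -j ACCEPT
}
FRANK_ORDER = ["state", "icmp", "lo"]  # order in Frank's file
MIKE_ORDER = ["lo", "state", "icmp"]   # order in the sample configuration

# Constructed sample packets (not captured traffic).
PACKETS = {
    "established tcp on eth0": {"iface": "eth0", "proto": "tcp", "state": "ESTABLISHED"},
    "new icmp on eth0": {"iface": "eth0", "proto": "icmp", "state": "NEW"},
    "new tcp on lo": {"iface": "lo", "proto": "tcp", "state": "NEW"},
    "new tcp on eth0": {"iface": "eth0", "proto": "tcp", "state": "NEW"},
}


def evaluate(order, packet, policy="DROP"):
    """Walk the chain top to bottom; return (verdict, rules_checked)."""
    for checked, name in enumerate(order, start=1):
        if RULES[name](packet):
            return "ACCEPT", checked  # ACCEPT is terminating: traversal stops here
    return policy, len(order)         # nothing matched: the chain policy decides


def compare(packets=PACKETS):
    """Return {label: ((verdict, checks) for Frank, (verdict, checks) for Mike)}."""
    return {label: (evaluate(FRANK_ORDER, p), evaluate(MIKE_ORDER, p))
            for label, p in packets.items()}


if __name__ == "__main__":
    for label, (frank, mike) in compare().items():
        print(f"{label:26} frank={frank} mike={mike}")
```

Verdicts are identical under both orders because all three rules share the ACCEPT target; only the number of rules checked per packet changes, and an established connection is matched on the first rule only when the state rule leads the chain.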