Re: iptables question

On 08/18/2010 01:06 PM, Tom H wrote:
> On Tue, Aug 17, 2010 at 9:31 PM, Genes MailLists <lists@xxxxxxxxxxxx> wrote:
>> On 08/17/2010 02:08 AM, Tom H wrote:
>>> #! /bin/sh
>>> IPTABLES="/sbin/iptables"
>>> $IPTABLES --table filter --policy INPUT ACCEPT
>>> $IPTABLES --table filter --policy FORWARD ACCEPT
>>> $IPTABLES --table filter --policy OUTPUT ACCEPT
>> Not saying I'm commenting on the wisdom of the rules one way or
>> another - just asking - Does one really want default policy of accept on
>> all of these ?
> I've seen some flame wars on this topic... :)
>
> I was just posting the iptables commands needed to result in the
> "iptables -L" output that the firewall GUI of the OP had created.
>
> Unless you add some rules for OUTPUT, you have to have it default to ACCEPT.
>
> Since this is a desktop with a GUI, it doesn't matter whether FORWARD
> defaults to ACCEPT or DROP.
>
> Although I prefer and use DROP for INPUT, the reasoning of the GUI
> developer/maintainer must be that having "$IPTABLES --append INPUT
> --jump DROP" as the last INPUT rule makes the ACCEPT default safe.
That sounds similar to what I had read many years ago
when I was running FreeBSD.
I was advised to start the INPUT of the ipfw rules in promiscuous mode,
and button them up and end with the final rule to drop or reject.

If the rule is started with a reject or a drop, then that is the final
resolution of the packet, right? No further rule match is attempted. Is
this correct?
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
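
Added example, not part of the thread and not code from any poster: a toy shell model of the chain traversal discussed above, comparing an ACCEPT policy that ends in a catch-all DROP rule with a DROP policy. It does not call iptables; the `verdict` function, the `proto:dport:target` rule format and the tcp/22 rule are assumptions made for illustration, and only the terminating targets ACCEPT, DROP and REJECT are modelled.

```shell
#!/bin/sh
# Toy model of filter-chain traversal; it does not call iptables.
# A rule is "proto:dport:target" ("any" is a wildcard). The rule sets
# below are constructed samples, not rules taken from the thread.

# verdict POLICY PROTO DPORT [RULE...]
# Prints the target that decides the packet and where it came from.
verdict() {
    policy=$1 pkt_proto=$2 pkt_dport=$3
    shift 3
    n=0
    for rule in "$@"; do
        n=$((n + 1))
        r_proto=${rule%%:*}
        rest=${rule#*:}
        r_dport=${rest%%:*}
        r_target=${rest#*:}
        [ "$r_proto" = any ] || [ "$r_proto" = "$pkt_proto" ] || continue
        [ "$r_dport" = any ] || [ "$r_dport" = "$pkt_dport" ] || continue
        # First match with a terminating target ends traversal here;
        # rules after it are never consulted for this packet.
        echo "$r_target rule=$n"
        return 0
    done
    # Nothing matched (or the chain is empty): the policy decides.
    echo "$policy policy"
}

echo "ACCEPT policy with a trailing catch-all DROP rule:"
verdict ACCEPT tcp 22 tcp:22:ACCEPT any:any:DROP
verdict ACCEPT tcp 80 tcp:22:ACCEPT any:any:DROP

echo "DROP policy, no catch-all rule needed:"
verdict DROP tcp 22 tcp:22:ACCEPT
verdict DROP tcp 80 tcp:22:ACCEPT

echo "Catch-all DROP placed first shadows the later ACCEPT:"
verdict ACCEPT tcp 22 any:any:DROP tcp:22:ACCEPT

echo "Same policies with the rules removed:"
verdict ACCEPT tcp 80
verdict DROP tcp 80
```

The last two calls show where the two layouts differ: `iptables --flush` deletes rules but leaves the chain policy untouched, so an emptied INPUT chain with an ACCEPT policy admits everything, while one with a DROP policy still blocks.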