Am 16.07.2011 19:41, schrieb Andrea Scarpino: > On 16 July 2011 19:32, Vic Demuzere <vic@xxxxxxxxxxx> wrote: >> So, you're saying that those 4 lines are easier than the 2 short ones >> in hosts.allow? Ah well, I'll have to learn to write iptables scripts >> then, I suppose. > I mean its more intuitive in that way, you've more power on what is > accepted and what isn't.; e.g. you can apply filters only to one > interface. > > Why you should write an iptables script? > > BTW, sorry "-A INPUT -j REJECT" blocks everything then have to be at > the last line, and not at first! You shouldn't do it like this. Look at /etc/iptables/simple_firewall.rules for a simple and non-broken template.
Attachment:
signature.asc
Description: OpenPGP digital signature