On Wed, Apr 25, 2012 at 12:35:46PM -0500, Leonid Isaev wrote:
> Assuming you are running a desktop machine, why would you want to DROP by
> default all outgoing traffic? AFAICT google voice app makes your browser
> establish some UDP connections + https. So here are a few observations regarding
> your ruleset:
> 1. Default policy for OUTPUT should be ACCEPT and all following OUTPUT
> rules should be removed. Also, default DROP policy for INPUT is just impolite
> -- use REJECT instead.
> 2. Unless you have a good understanding of ICMP (which is way more than ping),
> all icmp should be allowed (please don't tell me about pings of death or DoS
> because of ping floods).

Good points. I've made changes according to your instructions.

> 3. You really have to start differentiating between NEW and other connections.
>