Re: [CENTOS ]IPTABLES - How Secure & Best Practice




On 29/06/16 20:00, Leon Vergottini wrote:
> #  DEFAULT FIREWALL POLICY
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> #  ------------------------------------------------------
> #  INPUT CHAIN RULES
> #  ------------------------------------------------------
>
> #  MOST COMMON ATTACKS
> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP


Why bother adding DROP rules if the default policy is DROP?


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


