Actually, the rules defined by iptables are processed in the order in which they are appended (assuming they are simply appended, and not inserted or plugged in at specific locations in the list of defined rules). On my systems, the very last thing I do is log and then drop things which were not handled by earlier rules, and I am definitely not locked out of my systems. Using this technique (dropping everything after certain things are allowed) _can_ certainly lock one out of a system if the necessary things are not all allowed before the default 'DROP' rule(s) are reached, but I _carefully_ use this technique so I can log more information for later examination.

Have a _great_ day!

On Fri, Dec 01, 2006 at 11:16:32PM -0500, Jude DaShiell wrote:
> I finally found how to search for useful gentoo iptables information and
> it's something those new to iptables won't think obvious. The trick is to
> search for gentoo netfilter tutorial OR howto on google.com. netfilter
> appears to be the larger project encompassing iptables and ipchains and
> ip6tables. The other tip on reading stuff about iptables on the web is to
> remember with firewalls you close everything down first then open up
> certain specific access paths. You will find misinformation on the web
> advocating setting up specific access paths first then denying everything
> else. It doesn't work that way according to peter.youssef at navy.mil,
> denying everything as the last rule in a firewall breaks all specific
> access paths you defined in earlier rules and leaves you with a closed
> system. Cybercrackers can and do write web pages too.
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
Ralph. N6BNO. Wisdom comes from central processing, not from I/O.
rreid at sunset.net http://personalweb.sunset.net/~rreid
...passing through The City of Internet at the speed of light!
TAN (x) = SIN (x) / COS (x)
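The rule-order point in the reply above, as an added illustration that is not code from the list or from netfilter: a small Python model of first-match chain traversal in which a terminating target (ACCEPT or DROP) ends the walk, LOG does not, and the chain policy applies when nothing matches. The `Rule`/`Chain` classes and the sample packets are constructed for this example; appending the allow rules before a trailing LOG and DROP keeps ssh reachable, while inserting the DROP at the head (as `-I` would) is the lockout the reply warns about.

```python
# Added model of netfilter chain traversal (illustration, not code from the list)
from dataclasses import dataclass, field

@dataclass
class Rule:
    target: str                                 # ACCEPT, DROP or LOG
    match: dict = field(default_factory=dict)   # e.g. {"proto": "tcp", "dport": 22}; empty matches all

@dataclass
class Chain:
    policy: str = "ACCEPT"                      # default verdict when nothing matches
    rules: list = field(default_factory=list)

    def append(self, rule):                     # like iptables -A: rule goes to the end
        self.rules.append(rule)

    def insert(self, rule):                     # like iptables -I: rule goes to the head
        self.rules.insert(0, rule)

    def evaluate(self, pkt):
        """Walk the chain; return (verdict, logged) for a packet given as a dict."""
        logged = False
        for r in self.rules:
            if any(pkt.get(k) != v for k, v in r.match.items()):
                continue                        # rule does not match this packet
            if r.target == "LOG":
                logged = True                   # LOG is non-terminating: keep walking
                continue
            return r.target, logged             # ACCEPT or DROP ends traversal
        return self.policy, logged              # fell off the end: chain policy decides

def build_input_chain():
    """Allow first, then log, then drop: the layout described in the reply."""
    c = Chain()
    c.append(Rule("ACCEPT", {"state": "ESTABLISHED"}))
    c.append(Rule("ACCEPT", {"proto": "tcp", "dport": 22}))  # ssh
    c.append(Rule("LOG"))                                    # record whatever is left
    c.append(Rule("DROP"))                                   # catch-all, last
    return c

SSH_SYN = {"proto": "tcp", "dport": 22, "state": "NEW"}  # constructed sample packet
TELNET = {"proto": "tcp", "dport": 23, "state": "NEW"}   # constructed sample packet

def lockout_demo():
    """Same rules, but the DROP inserted at the head (as -I would): ssh is refused."""
    c = build_input_chain()
    c.rules.pop()                 # take the trailing DROP off ...
    c.insert(Rule("DROP"))        # ... and put it first instead
    return c.evaluate(SSH_SYN)[0]
```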