hi,
Is it better to put the command tha sets the default policy (DROP in my case) to the beginning of the script and then writing the ACCEPT section or the opposite?
IMO is better to set DROP as default policy and allow only the traffic you *really* need.
I use DROP for INPUT and FORWARD. I have ACCEPT for OUTPUT on my home box.
This approach will fit nearly all easy installations.
What do you plan to deploy on "netfiltered" machine?
regards, Astib();
-- A l e s S t i b a l, Wintel free, powered by AthlonXP and Gentoo Linux. <astib@xxxxxxxxxx> Giganet.cz community network, Litomerice, Czech Republic
