> there are definitely two schools of thought: 1) those who set

I know ;o)

> if you want to be really restrictive on your OUTPUT chain,
> that's fine. but for testing purposes, you might want to
> open it up, make sure everything works, *then* lock it down
> and see what breaks. at least you'll be closer to isolating
> the problem.

I was referring to the last statement, not your question (which makes
this OT btw, but I wanted to answer Steve):

> > Just my 0.02, if it's worth that much considering I can't even get
> > DNS lookups from my fw working.....

In your case I'd not set policy to DROP for OUTPUT. IMHO it would be
overkill for an introduction of approx. 30 minutes.

Gr,
Rob