Re: MAC Block for the DHCP via iptables

On Monday 17 November 2003 5:42 pm, Jeffrey Laramie wrote:

> Antony Stone wrote:
> >
> >iptables -P INPUT DROP
> >iptables -P FORWARD DROP
> >iptables -P OUTPUT DROP
> >
> >iptables -F INPUT
> >iptables -F FORWARD
> >iptables -F OUTPUT
> >
> >then no IP traffic will be allowed into, out of, or through, the machine.
>
> Chandana, Antony is making a theoretical point here. Your loopback
> interface uses the OUTPUT chain and dropping every OUTPUT packet could
> cause some unexpected problems. I wouldn't recommend doing this. If you
> ever really wanted to block *all* traffic just unplug the network card(s).

Very well said, Jeffrey :)

Netfilter rules should never be implemented without understanding what they
do, and "blocking all traffic" is an unlikely condition for a working
machine. Apart from anything else, what use is a machine that can't talk or
listen :) ?

Antony.

-- 

Because it completely breaks the way people normally read things.
Why is top-posting bad?
It means writing your reply above whatever you're replying to.
What does top-post mean?
Please don't top-post in email replies.

                                                     Please reply to the list;
                                                           please don't CC me.
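
The loopback point raised in the quoted reply, as an added example that is not part of the original post: a shell function that reads a ruleset in iptables-save format and reports which of the filter table's INPUT and OUTPUT chains have a DROP policy with no ACCEPT rule for lo. Both sample rulesets are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample rulesets are constructed.

# The lock-down quoted above, as iptables-save would print it.
LOCKDOWN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT'

# Same policies with loopback exempted in both directions.
WITH_LO='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT'

# loopback_blocked_chains (hypothetical name): print each filter-table chain
# (INPUT, OUTPUT) whose policy is DROP and that has no ACCEPT rule for lo.
# Limitation: rule order is ignored, so an earlier DROP rule is not noticed.
loopback_blocked_chains() {
    printf '%s\n' "$1" | awk '
        /^\*/ { infilter = ($0 == "*filter"); next }
        !infilter { next }
        /^:(INPUT|OUTPUT) DROP/ { drop[substr($1, 2)] = 1 }
        $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
            flag = ($2 == "INPUT") ? "-i" : "-o"
            lo = 0; accept = 0
            for (i = 3; i < NF; i++) {
                # "! -i lo" means every interface except loopback
                if ($i == flag && $(i + 1) == "lo" && $(i - 1) != "!") lo = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (lo && accept) ok[$2] = 1
        }
        END {
            if (drop["INPUT"] && !ok["INPUT"]) print "INPUT"
            if (drop["OUTPUT"] && !ok["OUTPUT"]) print "OUTPUT"
        }'
}

loopback_blocked_chains "$LOCKDOWN"   # prints INPUT and OUTPUT
loopback_blocked_chains "$WITH_LO"    # prints nothing
```

On a live host the input would come from `iptables-save` run as root.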

